[Samba] Using the same LDAP entry for posixAccount and sambaSamAccount with smbldap

Carlos García Recio carlos at senado.es
Thu Feb 19 11:07:49 GMT 2004

samba 3.0.2
smbldap-tools 0.8.4
RH 9
nss_ldap configured
pam_ldap NOT configured
LDAP passwd backend
winxp pro domain member

i've configured smbldap-tools in smb.conf to manage users from usrmgr.exe. It 
works at group creation but have a strange behavior in user creation. In the 
LDAP there are two manually created accounts; Administrador & invitado, both 
posixAccount and sambaSamAccount. When i try to create a new account with 
usrmgr using "smbldap-useradd %u" in "add user script" i get this error:

[2004/02/19 11:37:53, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1634)
  ldapsam_add_sam_account: failed to modify/add user with uid = juan (dn = 
[2004/02/19 11:37:53, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2251)
  could not add user/computer juan to passdb.  Check permissions?

The usrmgr shows me an "Access denied" window and as result i can find a new 
entry in the LDAP server with uid=juan that is a posixAccount and 

It looks like smbldap-useradd create a new entry (posixAccount) in the LDAP 
server and then samba tries to create the same entry (but with 
sambaSamAccount i think)

I can get rid this error making a conventional unix account with "useradd" 
(created in /etc/passwd) and then adding the user with usrmgr. As result i 
get a new entry in the LDAP server that is a sambaSamAccount but not a 
posixAccount. (in this case i think that i didn't use add user script)

The question is, how must i configure to create new users throw usrmgr with 
add user script = ...smbldap-useradd %u and getting as result a new entry in 
the LDAP server that is both posixAccount and sambaSamAccount?

Thanks in advance!


More information about the samba mailing list