[Samba] Re: net rpc vampire still not working

Craig White craigwhite at azapple.com
Sat Jan 3 07:01:20 GMT 2004


On Fri, 2004-01-02 at 22:04, Chew, Darren wrote:
> Hi Craig,
> 
> smbd & nmbd not running and domain master = no. I have included the rest 
> of the smb.conf for troubleshooting. Joined domain ok. 'net rpc testjoin' 
> returns OK. Still receive same errors when migrating users. Groups migrate 
> ok.
> 
> Can't call method "get_value" on an undefined value at 
> /opt/local/samba/sbin/smbldap-useradd.pl line 152, <DATA> line 283.
> [2004/01/03 15:51:47, 1] utils/net_rpc_samsync.c:fetch_account_info(445)
>   fetch_account: Running the command 
> `/opt/local/samba/sbin/smbldap-useradd.pl -a -m "Administrator"' gave 29
> 
> Thanks for the suggestions and help received.
> 
> Darren
> 
> [global]
>         workgroup = SAMBA
>         security = DOMAIN
>         passdb backend = ldapsam
>         add user script = /sbin/smbldap-useradd.pl -a -m "%u"
>         delete user script = /sbin/smbldap-userdel.pl -r "%u"
>         add user to group script = /sbin/smbldap-groupmod.pl -m "%u" "%g"
>         delete user from group script = /sbin/smbldap-groupmod.pl -x "%u" "%g"
>         set primary group script = /sbin/smbldap-usermod.pl -g "%g" "%u"
>         add group script = /sbin/smbldap-groupadd.pl -a -p "%g"
>         delete group script = /sbin/smbldap-userdel.pl "%g"
>         add machine script = /sbin/smbldap-useradd.pl -w -d /dev/null -g nobody -c "Machine Account" -s /bin/false "%u"
>         domain logons = Yes
>         preferred master = No
>         local master = No
>         domain master = No
>         wins support = Yes
>         ldap suffix = dc=samba,dc=org
>         ldap machine suffix = ou=Computers
>         ldap user suffix = ou=People
>         ldap group suffix = ou=Groups
>         ldap idmap suffix = ou=Idmap
>         ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
>         ldap admin dn = cn=root,ou=People,dc=samba,dc=org
>         ldap ssl = no
>         ldap passwd sync = Yes
>         idmap backend = ldap:ldap://localhost
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = Yes
>         template shell = /usr/bin/bash
>         printer admin = ntadmin
> 
> [netlogon]
>         path = /opt/local/samba/lib/netlogon
>         write list = ntadmin
>         locking = No
-----
I'm not gonna delve into the steps that 'beast' has listed, that seems
to be a plan, perhaps slightly different than the way that I attacked it
but similar enough.

What I noticed about your smb.conf is that you are using dc=samba,
dc=org for your ldap suffix and ultimately for your admin dn - which
suggests to me that you aren't totally comfortable with ldap and are
trying to wing it and have absolutely nothing else going on with ldap on
your network.

So first, I gotta ask, why are you using ldap? 

How do you know that it's working?

Are you comfortable with the ldapadd/ldapsearch/ldapmodify commands and
can you execute them at will to add, search and modify existing records?
If so, why then are you using dc=samba, dc=org as your suffix? Is this
the samba.org domain that you are working with?

If you aren't comfortable working with ldapadd/ldapsearch/ldapmodify
commands directly from the command line, chances are slim to none that
you will get samba worked out because there is so much that will need
tuning between the smbldap scripts, between winbind/nsswitch/pam that
directly impacts the way that samba authenticates and manages its
connections.

So again, ask yourself, why am I using ldap? I would suggest that you
consider using a different backend and when you have a working ldap
system and the knowledge of how to manipulate ldap, use the tools to
migrate the backend to ldap - you will save yourself a whole lot of
time, energy and aggravation.

Craig
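
An added example, not part of the original message or of Samba/smbldap-tools: one way to act on "How do you know that it's working?" is to derive the DNs Samba will use from the quoted smb.conf and print an ldapsearch check for each container. It assumes Samba 3.0 semantics (each per-type suffix is prepended to `ldap suffix`) and that the passdb backend uses the same server as the `idmap backend` URI; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The settings below are copied from the smb.conf quoted above.
SMB_CONF=$(cat <<'EOF'
[global]
        ldap suffix = dc=samba,dc=org
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap admin dn = cn=root,ou=People,dc=samba,dc=org
        idmap backend = ldap:ldap://localhost
EOF
)

# conf_get KEY: print the value of the first "KEY = value" line in $SMB_CONF.
conf_get() {
    printf '%s\n' "$SMB_CONF" |
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" | head -n 1
}

# effective_dn KEY: per-type suffix + "," + ldap suffix (assumed 3.0 behaviour).
effective_dn() {
    printf '%s,%s\n' "$(conf_get "$1")" "$(conf_get 'ldap suffix')"
}

# ldap_uri: strip the "ldap:" backend prefix from "idmap backend".
# Assumption: ldapsam talks to this same server.
ldap_uri() {
    conf_get 'idmap backend' | sed 's/^ldap://'
}

# ldap_checks: print one base-scope search per container, bound as the
# admin DN. An LDAP "No such object (32)" result means the container that
# Samba and the smbldap scripts expect is missing from the directory.
ldap_checks() {
    uri=$(ldap_uri)
    admin=$(conf_get 'ldap admin dn')
    for key in 'ldap user suffix' 'ldap group suffix' \
               'ldap machine suffix' 'ldap idmap suffix'; do
        printf 'ldapsearch -x -H %s -D "%s" -W -s base -b "%s" "(objectClass=*)" dn\n' \
            "$uri" "$admin" "$(effective_dn "$key")"
    done
}

ldap_checks
```

The script only prints the commands; run them by hand so the bind password is prompted for interactively rather than stored.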


