[Samba] Problem adding smb accounts on 3.0.1/ldap

Ian Potter ian.potter at dsl.pipex.com
Wed Jan 14 12:20:43 GMT 2004


I am setting up a Samba 3 server with ldap support - packages from Debian
backports.org - but have run into a problem setting up the samba
attributes. If there is a user existing in the local /etc/passwd file then
smbpasswd -a correctly sets up the samba user in the ldap directory.
However, if I preload the posixAccount and other data for a user using an
ldif import then attempt to use smbpasswd to add the samba attributes it
fails.

Setting sambaSamAccount, sambaSID and sambaPrimaryGroupSID in the ldif
file seems to fix the problem but I didn't realise that this was necessary. Or
is there a problem with smbpasswd?


smb.conf


# Global parameters
[global]
	domain logons = yes
	workgroup = BSTORE
	netbios name = TEST-SERVER2
	server string = LDAP/Samba Development Server
	security = user
	encrypt passwords = Yes
#	obey pam restrictions = Yes
	passdb backend = ldapsam:ldap://test-server2.liv.buildstore.co.uk/
	# smbpasswd -x delete the entire dn-entry
	ldap delete dn = no
	ldap passwd sync = yes
	ldap ssl = start tls
	ldap suffix = dc=buildstore,dc=co,dc=uk
	ldap machine suffix = ou=machines
	ldap user suffix = ou=users
	ldap group suffix = ou=groups
	ldap admin dn = "cn=manager,dc=buildstore,dc=co,dc=uk"
	ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
	logon drive = h:
	logon home = \\%L\%U
	logon path = \\%L\profiles\%U\
	logon script = users.bat
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
	add user script = /usr/local/sbin/create-machine-account.sh %u
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	dns proxy = No

testuser ldif

dn: uid=testuser, ou=users,dc=buildstore,dc=co,dc=uk
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: inetLocalMailRecipient
uid: testuser
cn: LDAP TestUser
sn: TestUser
givenname: LDAP
title: Admin
departmentNumber: IT
mobile: 0779-789-6552
postalAddress: Kingsthorne Park$Houstoun Industrial Est$Livingston
telephoneNumber: 01506-409-245
facsimileTelephoneNumber: 0870-870-9992
userpassword: {MD5}F5rUXGziy5fPECniEgRugQ==
labeleduri: http://intranet.liv.buildstore.co.uk/~testuser/
mail: testuser at buildstore.co.uk
mailRoutingAddress: testuser at domino1.liv.buildstore.co.uk
loginShell: /bin/bash
uidNumber: 529
gidNumber: 100
homeDirectory: /home/liv/users/testuser/
gecos: testuser_gecos-field
description: Not Available
localityName: Livingston

Output of smbpasswd -a testuser -D 5
test-server2:~# ldapmodify -D "cn=manager,dc=buildstore,dc=co,dc=uk" -w hydra62 -x -a -f ./testuser.ldif.bak
adding new entry "uid=testuser, ou=users,dc=buildstore,dc=co,dc=uk"

test-server2:~# smbpasswd -a testuser -D 5
Netbios name list:-
my_netbios_names[0]="TEST-SERVER2"
New SMB password:
Retype new SMB password:
Trying to load: ldapsam:ldap://test-server2.liv.buildstore.co.uk/
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match
ldapsam:ldap://test-server2.liv.buildstore.co.uk/ (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=BSTORE))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=BSTORE))]
StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://test-server2.liv.buildstore.co.uk/ has a valid
init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_suffix: searching
for:[(&(&(uid=testuser)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
ldapsam_getsampwnam: Unable to locate user [testuser] count=0
Finding user testuser
Trying _Get_Pwnam(), username as lowercase is testuser
Get_Pwnam_internals did find user [testuser]!
ldapsam_search_one_group: searching
for:[(&(objectClass=sambaGroupMapping)(gidNumber=100))]
init_group_from_ldap: Entry found for group: 100
smbldap_search_suffix: searching
for:[(&(&(uid=testuser)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[(&(sambaSID=S-1-5-21-3851587022-395417704-477425307-2058)(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[(&(uid=testuser)(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[(&(sambaSID=S-1-5-21-3851587022-395417704-477425307-2058)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))]
ldapsam_add_sam_account: Adding new user
init_ldap_from_sam: Setting entry for user: testuser
ldapsam_modify_entry: Failed to add user dn=
uid=testuser,ou=users,dc=buildstore,dc=co,dc=uk with: Already exists

ldapsam_add_sam_account: failed to modify/add user with uid = testuser (dn
= uid=testuser,ou=users,dc=buildstore,dc=co,dc=uk)
Failed to add entry for user testuser.
Failed to modify password entry for user testuser

Any ideas?

Ian

-- 
Ian Potter
"There is such a thing as acceptable losses,
 yours wouldn't bother me at all..."
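
Added example, not part of the original post and not Samba code: in the debug log above, the search using the smb.conf `ldap filter` returns count=0 for the preloaded entry, and the add that follows fails with "Already exists". The Python check below evaluates that filter against LDIF entries and lists which of the three Samba items named in the post are missing before import; `testuser2` and the group SID value are constructed placeholders.

```python
# Added example (not Samba code): pre-flight check of LDIF entries for the Samba
# attributes the post reports were needed before smbpasswd -a would work.
SAMBA_CLASS = "sambasamaccount"
SAMBA_ATTRS = ("sambasid", "sambaprimarygroupsid")

# Constructed sample: entry 1 is trimmed from the post's LDIF; entry 2
# (hypothetical testuser2) adds the Samba attributes, group SID is a placeholder.
SAMPLE_LDIF = """\
dn: uid=testuser, ou=users,dc=buildstore,dc=co,dc=uk
objectClass: posixAccount
objectClass: shadowAccount
uid: testuser

dn: uid=testuser2,ou=users,dc=buildstore,dc=co,dc=uk
objectClass: posixAccount
objectClass: sambaSamAccount
uid: testuser2
sambaSID: S-1-5-21-3851587022-395417704-477425307-2058
sambaPrimaryGroupSID: PLACEHOLDER-GROUP-SID
"""

def parse_ldif(text):
    """Parse LDIF into {attr: [values]} dicts (base64 '::' values stay encoded)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # RFC 2849 folded continuation line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def matches_ldap_filter(entry, uid):
    """Evaluate smb.conf's (&(uid=%u)(objectclass=sambaSamAccount)) on one entry."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    return uid.lower() in (u.lower() for u in entry.get("uid", [])) and SAMBA_CLASS in classes

def preflight(entry):
    """List what is missing; an empty list means all three items are present."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    missing = [] if SAMBA_CLASS in classes else ["objectClass: sambaSamAccount"]
    return missing + [a for a in SAMBA_ATTRS if a not in entry]
```

An entry for which `matches_ldap_filter` is false but whose DN already exists in the directory is the case shown in the log: the lookup misses it, so the tool attempts an add against an existing DN.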

