[Samba] Problem adding smb accounts on 3.0.1/ldap
Ian Potter
ian.potter at dsl.pipex.com
Wed Jan 14 12:20:43 GMT 2004
I am setting up a Samba 3 server with ldap support (packages from Debian
backports.org) but have run into a problem setting up the samba
attributes. If there is a user existing in the local /etc/passwd file then
smbpasswd -a correctly sets up the samba user in the ldap directory.
However, if I preload the posixAccount and other data for a user using an
ldif import and then attempt to use smbpasswd to add the samba attributes,
it fails.
Setting sambaSamAccount, sambaSID and sambaPrimaryGroupSID in the ldif
file seems to fix the problem but I didn't realise that this was necessary.
Or is there a problem with smbpasswd?
smb.conf
# Global parameters
[global]
domain logons = yes
workgroup = BSTORE
netbios name = TEST-SERVER2
server string = LDAP/Samba Development Server
security = user
encrypt passwords = Yes
# obey pam restrictions = Yes
passdb backend = ldapsam:ldap://test-server2.liv.buildstore.co.uk/
# smbpasswd -x delete the entire dn-entry
ldap delete dn = no
ldap passwd sync = yes
ldap ssl = start tls
ldap suffix = dc=buildstore,dc=co,dc=uk
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = "cn=manager,dc=buildstore,dc=co,dc=uk"
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
logon drive = h:
logon home = \\%L\%U
logon path = \\%L\profiles\%U\
logon script = users.bat
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
add user script = /usr/local/sbin/create-machine-account.sh %u
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
testuser ldif
dn: uid=testuser, ou=users,dc=buildstore,dc=co,dc=uk
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: inetLocalMailRecipient
uid: testuser
cn: LDAP TestUser
sn: TestUser
givenname: LDAP
title: Admin
departmentNumber: IT
mobile: 0779-789-6552
postalAddress: Kingsthorne Park$Houstoun Industrial Est$Livingston
telephoneNumber: 01506-409-245
facsimileTelephoneNumber: 0870-870-9992
userpassword: {MD5}F5rUXGziy5fPECniEgRugQ==
labeleduri: http://intranet.liv.buildstore.co.uk/~testuser/
mail: testuser at buildstore.co.uk
mailRoutingAddress: testuser at domino1.liv.buildstore.co.uk
loginShell: /bin/bash
uidNumber: 529
gidNumber: 100
homeDirectory: /home/liv/users/testuser/
gecos: testuser_gecos-field
description: Not Available
localityName: Livingston
Output of smbpasswd -a testuser -D 5
test-server2:~# ldapmodify -D "cn=manager,dc=buildstore,dc=co,dc=uk" -w
hydra62 -x -a -f ./testuser.ldif.bak
adding new entry "uid=testuser, ou=users,dc=buildstore,dc=co,dc=uk"
test-server2:~# smbpasswd -a testuser -D 5
Netbios name list:-
my_netbios_names[0]="TEST-SERVER2"
New SMB password:
Retype new SMB password:
Trying to load: ldapsam:ldap://test-server2.liv.buildstore.co.uk/
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match
ldapsam:ldap://test-server2.liv.buildstore.co.uk/ (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=BSTORE))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=BSTORE))]
StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://test-server2.liv.buildstore.co.uk/ has a valid
init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_suffix: searching
for:[(&(&(uid=testuser)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
ldapsam_getsampwnam: Unable to locate user [testuser] count=0
Finding user testuser
Trying _Get_Pwnam(), username as lowercase is testuser
Get_Pwnam_internals did find user [testuser]!
ldapsam_search_one_group: searching
for:[(&(objectClass=sambaGroupMapping)(gidNumber=100))]
init_group_from_ldap: Entry found for group: 100
smbldap_search_suffix: searching
for:[(&(&(uid=testuser)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[(&(sambaSID=S-1-5-21-3851587022-395417704-477425307-2058)(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[(&(uid=testuser)(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[(&(sambaSID=S-1-5-21-3851587022-395417704-477425307-2058)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))]
ldapsam_add_sam_account: Adding new user
init_ldap_from_sam: Setting entry for user: testuser
ldapsam_modify_entry: Failed to add user dn=
uid=testuser,ou=users,dc=buildstore,dc=co,dc=uk with: Already exists
ldapsam_add_sam_account: failed to modify/add user with uid = testuser (dn
= uid=testuser,ou=users,dc=buildstore,dc=co,dc=uk)
Failed to add entry for user testuser.
Failed to modify password entry for user testuser
Any ideas?
Ian
--
Ian Potter
"There is such a thing as acceptable losses,
yours wouldn't bother me at all..."
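
The debug output above shows the search using the `ldap filter` from smb.conf returning count=0 for the preloaded entry, after which the add fails with "Already exists". As an added example (not part of the original post and not Samba code), this Python check evaluates that filter against LDIF entries before import and lists which of the items the post names (objectClass sambaSamAccount, sambaSID, sambaPrimaryGroupSID) are missing; the second entry and all SID values are constructed.

```python
import re

# Constructed sample: the post's posixAccount entry (trimmed) plus a
# second, hypothetical entry that already carries the Samba schema data.
SAMPLE_LDIF = """\
dn: uid=testuser, ou=users,dc=buildstore,dc=co,dc=uk
objectClass: posixAccount
uid: testuser

dn: uid=sambauser,ou=users,dc=buildstore,dc=co,dc=uk
objectClass: posixAccount
objectClass: sambaSamAccount
uid: sambauser
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-
 3000
sambaPrimaryGroupSID: S-1-5-21-1111111111-2222222222-3333333333-1201
"""

REQUIRED_ATTRS = ("sambaSID", "sambaPrimaryGroupSID")  # named in the post

def parse_ldif(text):
    """Return a list of entries: dict of lower-cased attribute -> list of values."""
    text = re.sub(r"\n ", "", text)  # unfold RFC 2849 continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def matches_samba_filter(entry, user):
    """Evaluate (&(uid=%u)(objectclass=sambaSamAccount)) against one entry."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    uids = {u.lower() for u in entry.get("uid", [])}
    return user.lower() in uids and "sambasamaccount" in classes

def preflight(text):
    """Map each uid to the list of Samba items missing from its entry."""
    report = {}
    for entry in parse_ldif(text):
        uid = entry.get("uid", ["?"])[0]
        missing = [] if matches_samba_filter(entry, uid) else ["objectClass: sambaSamAccount"]
        missing += [a for a in REQUIRED_ATTRS if a.lower() not in entry]
        report[uid] = missing
    return report
```

An empty list for a uid means the entry would be found by the filter and carries both SID attributes; anything else lists what to add to the LDIF before import.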