[Samba] smbldap-useradd hangs in RH9
Carlos García Recio
carlos at senado.es
Tue Mar 2 12:49:51 GMT 2004
samba 3.0.2
smbldap-tools 0.8.4
RH 9
nss_ldap configured
pam_ldap NOT configured
LDAP passwd backend
Hi,
i've instaled samba 3.0.2 with smbldap-tools 0.8.4 twice in two different RH9.
I got it runs in the first but not in the second with the same configuration
(i think) The problen is (i got the same problem the first time but i don't
remember how i fixed it) that when i try to create a new posix/samba account
(with smbldap-useradd -a juan, for example) it runs until it create the posix
account. Then it hangs. What could be happen?
Thanks in advance!
Carlos
slapd[3195]: daemon: conn=271 fd=12 connection from IP=127.0.0.1:33598
(IP=0.0.0.0:389) accepted.
slapd[3195]: conn=271 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128
slapd[3195]: conn=271 op=0 RESULT tag=97 err=0 text=
slapd[3195]: conn=271 op=1 SRCH base="o=senado.es" scope=2
filter="(&(objectClass=posixAccount)(uidNumber=1000))"
slapd[3195]: conn=271 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[3195]: daemon: conn=272 fd=17 connection from IP=127.0.0.1:33599
(IP=0.0.0.0:389) accepted.
slapd[3195]: conn=272 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128
slapd[3195]: conn=272 op=0 RESULT tag=97 err=0 text=
slapd[3195]: conn=272 op=1 SRCH base="o=senado.es" scope=2
filter="(&(objectClass=posixAccount)(uid=juan))"
slapd[3195]: conn=272 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[3195]: conn=272 op=2 UNBIND
slapd[3195]: conn=-1 fd=17 closed
slapd[3195]: daemon: conn=273 fd=17 connection from IP=127.0.0.1:33600
(IP=0.0.0.0:389) accepted.
slapd[3195]: conn=273 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128
slapd[3195]: conn=273 op=0 RESULT tag=97 err=0 text=
slapd[3195]: conn=273 op=1 SRCH base="ou=Groups,o=senado.es" scope=2
filter="(&(objectClass=posixGroup)(gidNumber=513))"
slapd[3195]: conn=273 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[3195]: conn=-1 fd=17 closed
slapd[3195]: daemon: conn=274 fd=17 connection from IP=127.0.0.1:33601
(IP=0.0.0.0:389) accepted.
slapd[3195]: conn=274 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128
slapd[3195]: conn=274 op=0 RESULT tag=97 err=0 text=
slapd[3195]: deferring operation
slapd[3195]: conn=274 op=1 SRCH base="ou=People,o=senado.es" scope=2
filter="(sambaSID=S-1-5-21-2056510298-3027076148-852687323-3000)"
slapd[3195]: conn=274 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[3195]: conn=274 op=2 UNBIND
slapd[3195]: conn=-1 fd=17 closed
slapd[3195]: daemon: conn=275 fd=19 connection from IP=127.0.0.1:33602
(IP=0.0.0.0:389) accepted.
slapd[3195]: connection_read(17): no connection!
slapd[3195]: conn=275 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128
slapd[3195]: conn=275 op=0 RESULT tag=97 err=0 text=
slapd[3195]: deferring operation
slapd[3195]: conn=275 op=1 ADD dn="UID=JUAN,OU=PEOPLE,O=SENADO.ES"
slapd[3195]: conn=275 op=1 RESULT tag=105 err=0 text=
slapd[3195]: daemon: conn=276 fd=17 connection from IP=127.0.0.1:33603
(IP=0.0.0.0:389) accepted.
slapd[3195]: conn=276 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128
slapd[3195]: conn=276 op=0 RESULT tag=97 err=0 text=
slapd[3195]: conn=276 op=1 SRCH base="ou=Groups,o=senado.es" scope=2
filter="(&(objectClass=posixGroup)(|(cn=513)(gidNumber=513)))"
slapd[3195]: conn=276 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[3195]: conn=276 op=2 UNBIND
slapd[3195]: conn=-1 fd=17 closed
slapd[3195]: daemon: conn=277 fd=17 connection from IP=127.0.0.1:33604
(IP=0.0.0.0:389) accepted.
slapd[3195]: conn=277 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128
slapd[3195]: conn=277 op=0 RESULT tag=97 err=0 text=
slapd[3195]: deferring operation
slapd[3195]: conn=277 op=1 SRCH base="ou=Groups,o=senado.es" scope=2
filter="(&(objectClass=posixGroup)(|(cn=513)(gidNumber=513)))"
slapd[3195]: conn=277 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[3195]: conn=277 op=2 UNBIND
slapd[3195]: conn=-1 fd=17 closed
slapd[3195]: daemon: conn=278 fd=21 connection from IP=127.0.0.1:33605
(IP=0.0.0.0:389) accepted.
slapd[3195]: connection_read(17): no connection!
slapd[3195]: conn=278 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128
slapd[3195]: conn=278 op=0 RESULT tag=97 err=0 text=
slapd[3195]: deferring operation
slapd[3195]: conn=278 op=1 SRCH base="cn=usuarios,ou=Groups,o=senado.es"
scope=0 filter="(&(memberUid=juan))"
slapd[3195]: conn=278 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[3195]: conn=278 op=2 UNBIND
slapd[3195]: conn=-1 fd=21 closed
slapd[3195]: daemon: conn=279 fd=17 connection from IP=127.0.0.1:33606
(IP=0.0.0.0:389) accepted.
slapd[3195]: connection_read(21): no connection!
slapd[3195]: conn=279 op=0 BIND dn="CN=MANAGER,O=SENADO.ES" method=128
slapd[3195]: conn=279 op=0 RESULT tag=97 err=0 text=
slapd[3195]: deferring operation
slapd[3195]: conn=279 op=1 MOD dn="cn=usuarios,ou=Groups,o=senado.es"
slapd[3195]: conn=279 op=1 RESULT tag=103 err=0 text=
slapd[3195]: conn=279 op=2 UNBIND
slapd[3195]: conn=-1 fd=17 closed
----------------------------------------------------------------------------------------------------
[root at sist11 smbldap-tools]# grep -v ^# smbldap_bind.conf
slaveDN="cn=Manager,o=senado.es"
slavePw="secret"
masterDN="cn=Manager,o=senado.es"
masterPw="secret"
--------------------------------------------------------------------------------------------------
[root at sist11 smbldap-tools]# grep -v ^# smbldap.conf | grep -v ^$
UID_START="1000"
GID_START="1000"
SID="S-1-5-21-2056510298-3027076148-852687323"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
verify=""
cafile=""
clientcert=""
clientkey=""
suffix="o=senado.es"
usersdn="ou=People,o=senado.es"
computersdn="ou=Computers,o=senado.es"
groupsdn="ou=Groups,o=senado.es"
scope="sub"
hash_encrypt="MD5"
userLoginShell="/bin/false"
userHomePrefix=""
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="553"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="55"
userSmbHome=""
userProfile=""
userHomeDrive=""
userScript=""
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
mk_ntpasswd="/usr/local/sbin/mkntpwd"
--------------------------------------------------------------------------------------------------
[root at sist11 smbldap-tools]# grep -v ^# /etc/ldap.conf | grep -v ^$
host 127.0.0.1
base o=senado.es
uri ldap://127.0.0.1/
binddn cn=Manager,o=senado.es
bindpw secret
rootbinddn cn=Manager,o=senado.es
scope sub
nss_base_passwd o=senado.es?sub
nss_base_shadow ou=People,o=senado.es?one
nss_base_group ou=Groups,o=senado.es?one
ssl no
pam_password md5
----------------------------------------------------------------------------------------------------
[root at sist11 smbldap-tools]# grep -v ^# /etc/openldap/slapd.conf | grep -v ^$
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
include /usr/share/doc/samba-3.0.2a/examples/LDAP/samba.schema
access to * by *
loglevel 256
database ldbm
suffix "o=senado.es"
rootdn "cn=Manager,o=senado.es"
rootpw secret
directory /var/lib/ldap
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
-----------------------------------------------------------------------------------------------------
[root at sist11 smbldap-tools]# grep -v ^# /etc/openldap/ldap.conf | grep -v ^$
HOST 127.0.0.1
BASE o=senado.es
-----------------------------------------------------------------------------------------------------
[root at sist11 smbldap-tools]# grep -v ^# /etc/samba/smb.conf | grep -v ^$
[global]
netbios name = testPDC
workgroup = test
passdb backend = ldapsam:ldap://localhost:389
ldap admin dn = "cn=Manager,o=senado.es"
ldap ssl = off
; Cuando borro un usuario del dominio solo quiero
; borrar sus atributos de samba, pero no elimino
; la entrada del ldap.
ldap delete dn = no
ldap suffix = o=senado.es
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap filter = (uid=%u)
; Intenta sincronizar el password ldap con la password NT
ldap passwd sync = yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
;idmap backend = ldap:ldap://localhost:389
;ldap idmap suffix = ou=Idmap
;username map = /etc/samba/smbusers
security = user
encrypt passwords = yes
os level = 255
preferred master = yes
domain master = yes
local master = yes
wins support = yes
domain logons = yes
logon path =
logon home =
logon drive =
logon script =
[netlogon]
path = /home/samba/netlogon
read only = yes
-----------------------------------------------------------------------------------------------------------
[root at sist11 smbldap-tools]# grep -v ^# /etc/nsswitch.conf | grep -v ^$
passwd: files ldap
shadow: files
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
----------------------------------------------------------------------------------------------------
dn: o=senado.es
objectClass: top
objectClass: organization
o: senado.es
dn: ou=People,o=senado.es
objectClass: top
objectClass: organizationalUnit
ou: People
dn: ou=Groups,o=senado.es
objectClass: top
objectClass: organizationalUnit
ou: Groups
dn: ou=Computers,o=senado.es
objectClass: top
objectClass: organizationalUnit
ou: Computers
dn: cn=adminsnt,ou=Groups,o=senado.es
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
description: Usuarios con permisos de administracion
cn: adminsnt
gidNumber: 512
sambaSID: S-1-5-21-2056510298-3027076148-852687323-512
sambaGroupType: 2
displayName: adminsnt
memberUid: Administrador
dn: cn=invitados,ou=Groups,o=senado.es
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
description: Usuarios sin privilegios
cn: invitados
gidNumber: 99
sambaSID: S-1-5-21-2056510298-3027076148-852687323-514
sambaGroupType: 2
displayName: invitados
dn: cn=usuarios,ou=Groups,o=senado.es
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
description: Usuarios normales del dominio
cn: usuarios
gidNumber: 513
sambaSID: S-1-5-21-2056510298-3027076148-852687323-513
sambaGroupType: 2
displayName: usuarios
dn: uid=Administrador,ou=People,o=senado.es
objectClass: top
objectClass: posixAccount
objectClass: sambaSamAccount
cn: Administrador
uid: Administrador
uidNumber: 0
gidNumber: 512
homeDirectory: /dev/null
sambaSID: S-1-5-21-2056510298-3027076148-852687323-1000
displayName: Administrador
sambaPrimaryGroupSID: S-1-5-21-2056510298-3027076148-852687323-512
sambaPwdCanChange: 1078218555
sambaPwdMustChange: 2147483647
sambaLMPassword: F0D412BD764FFE81AAD3B435B51404EE
sambaNTPassword: 209C6174DA490CAEB422F3FA5A7AE634
sambaPwdLastSet: 1078218555
sambaAcctFlags: [U ]
userPassword: {SSHA}Xjsp7TqeUPsae9G5waRi4Hx4rswOt0R8
dn: uid=invitado,ou=People,o=senado.es
objectClass: top
objectClass: posixAccount
objectClass: sambaSamAccount
cn: invitado
gidNumber: 99
uid: invitado
sambaSID: S-1-5-21-2056510298-3027076148-852687323-1000
sambaPrimaryGroupSID: S-1-5-21-2056510298-3027076148-852687323-514
uidNumber: 1000
homeDirectory: /dev/null
sambaPwdCanChange: 1078218599
sambaPwdMustChange: 2147483647
sambaLMPassword: 786285D31C040D28E68AA26A841A86FA
sambaNTPassword: 1EA468D4AAA403FA9C3C58725792D638
sambaPwdLastSet: 1078218599
sambaAcctFlags: [U ]
userPassword: {SSHA}+OFXK+mDJIJY8e/0QozZF2JWmCRICBhe
memberUid: invitado
dn: sambaDomainName=TEST,o=senado.es
sambaDomainName: TEST
sambaSID: S-1-5-21-2056510298-3027076148-852687323
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
More information about the samba
mailing list