[Samba] Re: Samba3 - LDAP - USRMGR.EXE

Mark Jones mlp1 at ig.com.br
Mon Sep 13 23:53:03 GMT 2004

I´ve just had the same problem and came to this post while searching for a
 solution, and I´ve just fixed this problem for my setup after reading

I disabled the remove user script in smb.conf,
and also removed the -a option from the add user script. Using the scripts
way they were configured, Samba tried to add / remove the user twice, though
giving the error. Here is my smb.conf extract:
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
unix password sync = No
ldap passwd sync = Yes

My setup: Samba 3.0.7, openldap 2.1.29, smbldap-tools 0.8.5-2, Fedora Core

Hope this is useful.

Mark Jones

"Kang Sun" <ksun at abinitio.com> wrote in message
news:ce5n6o$kgm$1 at sea.gmane.org...
> Just a hunch, I didnot test myself.
> In your smb.conf, did you set the "add user script" to add posix account
> well as Windows account? If so, there might be a problem.
> >From what I read and understand, the script suppose to add Posix account
> only, and samba will add the Windows account. If the Windows account is
> added by the "add user script", then Samba has to delete it or modify it,
> which it might not have the previlege or some error comes up that does not
> mean what it says.
> Hope this helps!
> -- Kang Sun
> <Christian.Wittmer at intercomponentware.com> wrote in message
news:OFC76E80F3.2450B1FE-ONC1256EDE.002E8C93-C1256EDE.003B237E at intercomponen
> tware.com...
> Hello,
> have some little problems adding user to domain with USRMGR.EXE
> My System runs on SuSE 9.1 (2.6.5-7.75-default), samba-3.0.4,
> smbldap-tools-0.8.5, openldap2-2.2.6
> If I try to add a new user with USRMGR.EXE I get an error "Access denied",
> but if I look into LDAP the new user was correctly added to LDAP.
> If I confirm the error-message and then cancel the "NEW USER" Window and
> typing "F5" for refreshing the USRMGR. I can see the new user.
> By doubble-clicking the new User I am able to make any modification to the
> User without any error.
> What could be the problem ?
> Here is a part of /var/log/messages that
> Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0]
> passdb/pdb_ldap.c:ldapsam_add_sam_account(1573)
> Jul 27 12:36:25 samba3 smbd[2149]:   ldapsam_add_sam_account: User
> 'i00001' already in the base, with samba attributes
> Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0]
> rpc_server/srv_samr_nt.c:_samr_create_user(2267)
> Jul 27 12:36:25 samba3 smbd[2149]:   could not add user/computer i00001 to
> passdb.  Check permissions?
> if you need more logs or sambalog with special loglevel just tell me.
> The same problem exists when joining a machine to DOMAIN.
> On first try => "Access denied" but correctly added to LDAP
> On second try => "Welcome to DOMAIN"
> Thanks for any help.
> Christian Wittmer
> ---------------------------------
> Büro/Office: +49 (0) 6227/385-120
> Email: Christian.Wittmer at InterComponentWare.com
> InterComponentWare AG
> Otto-Hahn-Strasse 3
> 69190 Walldorf
> Zentrale/Main: +49 (6227) 385-100
> http://www.intercomponentware.com
> http://www.lifesensor.com
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list