[Samba] Re: Samba3 - LDAP - USRMGR.EXE

rruegner robert at ruegner.org
Tue Sep 14 15:34:22 GMT 2004


Hi,
as seen in the logs
could not add user/computer i00001 to
 >>passdb.  Check permissions?,
why should should an account being added to passdb.
In ldap setups the accounts are all stored
in the ldap database.
I guess you might fail with your general setup
the hosting samba ldap system must ask only ldap
for auth, do you have somthing like this in your nsswitch.conf?

passwd: ldap files
group:  ldap files
shadow: ldap files

Regards
Mark Jones schrieb:

> I´ve just had the same problem and came to this post while searching for a
>  solution, and I´ve just fixed this problem for my setup after reading
> Kang´s
>  words:
> 
> I disabled the remove user script in smb.conf,
> and also removed the -a option from the add user script. Using the scripts
> the
> way they were configured, Samba tried to add / remove the user twice, though
> giving the error. Here is my smb.conf extract:
> ....
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> ldap delete dn = Yes
> #delete user script = /usr/local/sbin/smbldap-userdel "%u"
> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/local/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
> "%g"
> set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
> ...
> unix password sync = No
> ldap passwd sync = Yes
> ...
> 
> My setup: Samba 3.0.7, openldap 2.1.29, smbldap-tools 0.8.5-2, Fedora Core
> 2.
> 
> Hope this is useful.
> 
> Mark Jones
> 
> 
> "Kang Sun" <ksun at abinitio.com> wrote in message
> news:ce5n6o$kgm$1 at sea.gmane.org...
> 
>>Just a hunch, I didnot test myself.
>>In your smb.conf, did you set the "add user script" to add posix account
> 
> as
> 
>>well as Windows account? If so, there might be a problem.
>>>From what I read and understand, the script suppose to add Posix account
>>only, and samba will add the Windows account. If the Windows account is
>>added by the "add user script", then Samba has to delete it or modify it,
>>which it might not have the previlege or some error comes up that does not
>>mean what it says.
>>
>>Hope this helps!
>>
>>-- Kang Sun
>>
>><Christian.Wittmer at intercomponentware.com> wrote in message
>>
> 
> news:OFC76E80F3.2450B1FE-ONC1256EDE.002E8C93-C1256EDE.003B237E at intercomponen
> 
>>tware.com...
>>Hello,
>>
>>have some little problems adding user to domain with USRMGR.EXE
>>My System runs on SuSE 9.1 (2.6.5-7.75-default), samba-3.0.4,
>>smbldap-tools-0.8.5, openldap2-2.2.6
>>
>>If I try to add a new user with USRMGR.EXE I get an error "Access denied",
>>but if I look into LDAP the new user was correctly added to LDAP.
>>If I confirm the error-message and then cancel the "NEW USER" Window and
>>typing "F5" for refreshing the USRMGR. I can see the new user.
>>By doubble-clicking the new User I am able to make any modification to the
>>User without any error.
>>What could be the problem ?
>>
>>Here is a part of /var/log/messages that
>>Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0]
>>passdb/pdb_ldap.c:ldapsam_add_sam_account(1573)
>>Jul 27 12:36:25 samba3 smbd[2149]:   ldapsam_add_sam_account: User
>>'i00001' already in the base, with samba attributes
>>Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0]
>>rpc_server/srv_samr_nt.c:_samr_create_user(2267)
>>Jul 27 12:36:25 samba3 smbd[2149]:   could not add user/computer i00001 to
>>passdb.  Check permissions?
>>
>>if you need more logs or sambalog with special loglevel just tell me.
>>
>>The same problem exists when joining a machine to DOMAIN.
>>On first try => "Access denied" but correctly added to LDAP
>>On second try => "Welcome to DOMAIN"
>>
>>Thanks for any help.
>>
>>Christian Wittmer
>>
>>---------------------------------
>>Büro/Office: +49 (0) 6227/385-120
>>Email: Christian.Wittmer at InterComponentWare.com
>>
>>InterComponentWare AG
>>Otto-Hahn-Strasse 3
>>69190 Walldorf
>>Zentrale/Main: +49 (6227) 385-100
>>
>>http://www.intercomponentware.com
>>http://www.lifesensor.com
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  http://lists.samba.org/mailman/listinfo/samba
>>
>>
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  http://lists.samba.org/mailman/listinfo/samba
>>
> 
> 
> 
> 


More information about the samba mailing list