[Samba] Re: Samba3 - LDAP - USRMGR.EXE

Mark Jones mlp1 at ig.com.br
Wed Sep 15 13:21:45 GMT 2004

passdb appears a lot of times in Samba logs, even if it uses LDAP as a
backend, as in my config.
Maybe the log message should be changed in the code to something easier to
debug... But the error message you mentioned only appears if you try to add or
delete the user twice from LDAP, so you should remove "-a" from the add user
script and comment out the user delete script if you intend to use

Mark Jones

-----Original Message-----
From: rruegner [mailto:robert at ruegner.org]
Sent: Tuesday, 14 September 2004 12:34
To: Mark Jones
Cc: samba at lists.samba.org
Subject: Re: [Samba] Re: Samba3 - LDAP - USRMGR.EXE


as seen in the logs

could not add user/computer i00001 to passdb. Check permissions?

why should an account be added to passdb?

In LDAP setups the accounts are all stored in the LDAP database. I guess you
might fail with your general setup; the hosting Samba LDAP system must ask
only LDAP for auth. Do you have something like this in your nsswitch.conf?

passwd: ldap files
group: ldap files
shadow: ldap files


Mark Jones wrote:

> I've just had the same problem and came to this post while searching
> for a solution, and I've just fixed this problem for my setup after
> reading Kang's words:
>
> I disabled the remove user script in smb.conf, and also removed the -a
> option from the add user script. Using the scripts the way they were
> configured, Samba tried to add / remove the user twice, though giving
> the error. Here is my smb.conf extract:

> ....
> add user script = /usr/local/sbin/smbldap-useradd -m "%u"
> ldap delete dn = Yes
> #delete user script = /usr/local/sbin/smbldap-userdel "%u"
> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/local/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
> ...
> unix password sync = No
> ldap passwd sync = Yes
> ...


> My setup: Samba 3.0.7, openldap 2.1.29, smbldap-tools 0.8.5-2, Fedora
> Core 2.
>
> Hope this is useful.
>
> Mark Jones



> "Kang Sun" <ksun at abinitio.com> wrote in message

> news:ce5n6o$kgm$1 at sea.gmane.org...


>>Just a hunch, I did not test myself.
>>In your smb.conf, did you set the "add user script" to add posix as
>>well as Windows account? If so, there might be a problem.
>>From what I read and understand, the script is supposed to add Posix
>>only, and samba will add the Windows account. If the Windows account
>>is added by the "add user script", then Samba has to delete it or
>>modify it, which it might not have the privilege or some error comes
>>up that does not mean what it says.


>>Hope this helps!
>>
>>-- Kang Sun
>>
>><Christian.Wittmer at intercomponentware.com> wrote in message
>>news:OFC76E80F3.2450B1FE-ONC1256EDE.002E8C93-C1256EDE.003B237E at intercomponen





>>have some little problems adding user to domain with USRMGR.EXE. My
>>system runs on SuSE 9.1 (2.6.5-7.75-default), samba-3.0.4,
>>smbldap-tools-0.8.5, openldap2-2.2.6
>>
>>If I try to add a new user with USRMGR.EXE I get an error "Access
>>denied", but if I look into LDAP the new user was correctly added to LDAP.
>>If I confirm the error message and then cancel the "NEW USER" window
>>and type "F5" to refresh the USRMGR, I can see the new user.
>>By double-clicking the new user I am able to make any modification to
>>the user without any error.
>>What could be the problem?


>>Here is a part of /var/log/messages that
>>Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0]
>>Jul 27 12:36:25 samba3 smbd[2149]: ldapsam_add_sam_account: User 'i00001' already in the base, with samba attributes
>>Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0]
>>Jul 27 12:36:25 samba3 smbd[2149]: could not add user/computer i00001 to passdb. Check permissions?


>>if you need more logs or sambalog with special loglevel just tell me.
>>
>>The same problem exists when joining a machine to DOMAIN.
>>On first try => "Access denied" but correctly added to LDAP
>>On second try => "Welcome to DOMAIN"
>>
>>Thanks for any help.
>>
>>Christian Wittmer



>>Büro/Office: +49 (0) 6227/385-120

>>Email: Christian.Wittmer at InterComponentWare.com


>>InterComponentWare AG

>>Otto-Hahn-Strasse 3

>>69190 Walldorf

>>Zentrale/Main: +49 (6227) 385-100





>>To unsubscribe from this list go to the following URL and read the

>>instructions: http://lists.samba.org/mailman/listinfo/samba
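
A small checker for the two settings this thread identifies, as an added example (not part of the original messages, and not code from Samba or smbldap-tools): it parses an smb.conf extract and reports an add user script that passes -a, and a delete user script that is active alongside ldap delete dn = Yes. FIXED is the extract posted above; BROKEN and the function names are constructed for illustration.

```python
import shlex

# FIXED is the smb.conf extract posted in the thread; BROKEN is a constructed
# variant with the two settings the thread says cause the double add/delete.
FIXED = '''
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
'''
BROKEN = '''
add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
ldap delete dn = Yes
delete user script = /usr/local/sbin/smbldap-userdel "%u"
'''

def parse_smb_conf(text):
    """Return {parameter: value} for active (uncommented) smb.conf lines."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # blank line, comment, section header or elision
        key, value = line.split("=", 1)
        # Normalise case and whitespace runs in the parameter name.
        params[" ".join(key.lower().split())] = value.strip()
    return params

def audit(text):
    """Report settings that make Samba and the scripts do the same work twice."""
    params = parse_smb_conf(text)
    findings = []
    # Only an exact "-a" argument is matched; combined flags are not handled.
    if "-a" in shlex.split(params.get("add user script", ""))[1:]:
        findings.append("add user script passes -a: the script and Samba "
                        "both try to add the Samba account")
    ldap_delete = params.get("ldap delete dn", "no").lower() in ("yes", "true", "1")
    if ldap_delete and params.get("delete user script"):
        findings.append("delete user script is active while ldap delete dn "
                        "= Yes: the entry is removed twice")
    return findings

if __name__ == "__main__":
    for name, conf in (("FIXED", FIXED), ("BROKEN", BROKEN)):
        print(name, audit(conf) or "no double add/delete settings found")
```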










