[Samba] After net rpc vampire of 2000 users admin of user db has problems
Craig White
craigwhite at azapple.com
Thu Sep 30 21:13:14 GMT 2004
On Thu, 2004-09-30 at 13:05, Gustavo Lima wrote:
> Greetings,
>
> I was able to admin users and machines database via usrmgr.exe in a
> samba3.0.7 + ldap server. I was able to set trusting domains too.
>
> After I vampired my ex-PDC NT server usrmgr.exe stopped working and trusting
> stopped being shown.
>
> usrmgr.exe gives the error:
>
> The tag is invalid. Do you want to select another domain to administer?
>
----
I have found the following - If you migrate a domain to samba, promote
samba to PDC status, the existing NT4 machine that was the PDC/BDC
doesn't work well and in fact, you have to stop netlogon service to use
it at all. Yours was the type of error I received when running
usrmgr.exe on that machine until I stopped netlogon service.

It is also possible that on your LDAP setup, the machine accounts aren't
being found by samba/LDAP.

User Manager for Domains (usrmgr.exe) does work if you are running it on
a computer attached to the domain and current logon has Domain
Administrator privileges. If it fails to run, one or both of these
issues need to be looked at.
----
> And net rpc trustdom list -UAdministrator%passwd gives me:
>
> Trusted domains list:
>
> OTHER-DOM S-1-5-21-136393487-307246644-928725530
>
> Trusting domains list:
>
> [2004/09/30 16:44:16, 0] utils/net_rpc.c:rpc_trustdom_list(3430)
> Couldn't enumerate accounts. Error was: NT_STATUS_ACCESS_DENIED
----
almost sounds like samba is having trouble querying LDAP.
----
>
> Is this a known error between samba and ldap?
----
NO - things can work well when they work
----
>
> Other tools that I use to administer the users database also can't show all
> imported users. Just about 500. Is this correct?
-----
don't know what tools you are talking about but
getent passwd
should give you all of the listings in /etc/passwd first, then all of
the contents in LDAP (similar results for getent group). It is possible
that you can have limits on a return from ldap query but that is beyond
the scope of samba list.
Craig
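
The getent check suggested in the reply above, as an added example that is not part of the original thread: it separates the local /etc/passwd entries from the directory-backed ones in `getent passwd` output and compares the directory count with the number of migrated accounts (2000, from the subject line). The function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Real use:
#   getent passwd | check_truncation 2000 /etc/passwd

# count_directory_users LOCAL_PASSWD_FILE < getent-output
# Prints how many entries have a login name that is NOT in the local file,
# i.e. accounts that NSS had to fetch from LDAP.
count_directory_users() {
    awk -F: -v localfile="$1" '
        BEGIN { while ((getline line < localfile) > 0) {
                    split(line, f, ":"); known[f[1]] = 1 } }
        $1 != "" && !($1 in known) { n++ }
        END { print n + 0 }'
}

# check_truncation EXPECTED LOCAL_PASSWD_FILE < getent-output
# Prints "ok N" and returns 0 when at least EXPECTED directory accounts are
# visible; otherwise prints "short N of EXPECTED" and returns 1, which points
# at a result limit somewhere between NSS and the LDAP server.
check_truncation() {
    seen=$(count_directory_users "$2")
    if [ "$seen" -ge "$1" ]; then
        echo "ok $seen"
        return 0
    fi
    echo "short $seen of $1"
    return 1
}

# Constructed sample data: two local accounts, then N directory accounts,
# in the order getent prints them (files first, then LDAP).
sample_local() {
    printf 'root:x:0:0:root:/root:/bin/sh\nnobody:x:99:99::/:/sbin/nologin\n'
}
sample_getent() {
    sample_local
    awk -v n="$1" 'BEGIN { for (i = 1; i <= n; i++)
        printf "user%04d:x:%d:513::/home/user%04d:/bin/false\n", i, 10000 + i, i }'
}

demo() {
    tmp=$(mktemp) || return 1
    sample_local > "$tmp"
    sample_getent 500 | check_truncation 2000 "$tmp"   # the case reported above
    rc=$?
    rm -f "$tmp"
    return $rc
}
demo || true
```

A "short" result with a round number such as 500 means the missing accounts were never returned to NSS, so the place to look is the LDAP client and server query limits rather than the Samba account data.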