[Samba] add machine script problem

Brian Abreu babreu at experts-exchange.com
Fri Jul 8 00:11:33 GMT 2005


I am having trouble getting Samba to execute the add machine script 
properly.  It seems to be executing this script as a non-root user.

I am running Trustix with the 2.4.30 kernel.  Samba is version 3.0.14a.

Here is the output from testparm:

Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[backup]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Global parameters
[global]
        workgroup = EE
        server string = Trustix Secure Linux Samba Server
        passdb backend = ldapsam:ldap://localhost/
        log file = /var/log/samba/log.%I
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        add user script = /usr/local/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/local/sbin/smbldap-userdel "%u"
        add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/local/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
        logon script = logon.bat
        logon path =
        logon drive = H:
        domain logons = Yes
        os level = 32
        preferred master = Yes
        domain master = Yes
        wins proxy = Yes
        wins support = Yes
        ldap admin dn = cn=admin,dc=experts-exchange,dc=com
        ldap delete dn = Yes
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=People
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=experts-exchange,dc=com
        ldap user suffix = ou=People

[homes]
        comment = Home Directories
        path = /home/users/%S
        valid users = %S
        read only = No
        create mask = 0600
        directory mask = 0700
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /home/samba/netlogon
        guest ok = Yes
        share modes = No

[backup]
        comment = Backups
        path = /backup
        browseable = No

When I run `net join EE -U root` I get the following error:

[2005/07/07 17:06:26, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: No results returned
Creation of workstation account failed
Unable to join domain EE.

Here is a snippet of part of the log that is generated when I run that 
command.  As you can see from the last lines, smbldap-useradd did not 
run properly because it could not open the smbldap.conf file.  The 
permissions on this file are 0600; it is owned by root.

[2005/07/07 16:59:56, 5] lib/smbldap.c:smbldap_search(1038)
  smbldap_search: base => [dc=experts-exchange,dc=com], filter => [(&(uid=fileserver$)(objectclass=sambaSamAccount))], scope => [2]
[2005/07/07 16:59:56, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1334)
  ldapsam_getsampwnam: Unable to locate user [fileserver$] count=0
[2005/07/07 16:59:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam(293)
  Finding user fileserver$
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(223)
  Trying _Get_Pwnam(), username as lowercase is fileserver$
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(239)
  Trying _Get_Pwnam(), username as uppercase is FILESERVER$
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(247)
  Checking combinations of 0 uppercase letters in fileserver$
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(251)
  Get_Pwnam_internals didn't find user [fileserver$]!
[2005/07/07 16:59:56, 5] rpc_server/srv_samr_nt.c:_samr_create_user(2311)
  _samr_create_user:  can add this account : False
Unable to open /etc/opt/IDEALX/smbldap-tools/smbldap.conf for reading !
Compilation failed in require at /usr/local/sbin/smbldap-useradd line 33.
BEGIN failed--compilation aborted at /usr/local/sbin/smbldap-useradd line 33.
[2005/07/07 16:59:56, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
  _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w "fileserver$"' gave 2

How can I get this script to run as root?

Brian Abreu
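
One way to confirm which identity smbd invokes the add machine script under, as an added example that is not part of the original post, Samba or smbldap-tools: a hypothetical wrapper (the name add-machine-debug, its install path and the environment overrides are assumptions) that logs the real and effective uid/gid and whether smbldap.conf is readable, then hands off to smbldap-useradd unchanged.

```shell
#!/bin/sh
# Hypothetical diagnostic wrapper; not shipped with Samba or smbldap-tools.
# Assumed install path /usr/local/sbin/add-machine-debug, referenced as:
#   add machine script = /usr/local/sbin/add-machine-debug -w "%u"

# Both paths are the ones shown in the post's log; the environment
# overrides are an assumption added here to allow testing.
CONF="${SMBLDAP_CONF:-/etc/opt/IDEALX/smbldap-tools/smbldap.conf}"
REAL="${SMBLDAP_USERADD:-/usr/local/sbin/smbldap-useradd}"

# Print the real and effective uid/gid of the current process.
identity_line() {
    printf 'uid=%s euid=%s gid=%s egid=%s' \
        "$(id -ru)" "$(id -u)" "$(id -rg)" "$(id -g)"
}

# Report whether the current identity can read file $1.
# Prints readable / unreadable / missing; exit status 0 / 1 / 2.
# "missing" also covers a parent directory that cannot be searched.
conf_access() {
    if [ ! -e "$1" ]; then
        echo missing
        return 2
    fi
    if [ -r "$1" ]; then
        echo readable
        return 0
    fi
    echo unreadable
    return 1
}

main() {
    status=$(conf_access "$CONF") || true
    # Log to syslog rather than a file, so the record is written even
    # when the script runs without root privileges.
    logger -t add-machine-debug \
        "$(identity_line) conf=$CONF ($status) args=$*"
    # Hand off with the original arguments and exit status.
    exec "$REAL" "$@"
}

# Run only when invoked with arguments, as smbd does (-w "%u").
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

After a join attempt, the syslog entry tagged add-machine-debug shows the uid and euid the script actually ran with, alongside the read check on the 0600 root-owned file.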