[Samba] Re: RE pdb_ldap.c, ldapsam_add_sam_account, existing poxisaccount

spu at corman.be spu at corman.be
Fri May 27 14:30:38 GMT 2005


John,

I appreciate your reaction, but could you explain this error?

[2005/05/27 16:19:10, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1479)
  ldapsam_modify_entry: Failed to add user dn= uid=infobcer$,ou=machines,dc=corman,dc=be with: Already exists
[2005/05/27 16:19:10, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1911)
  ldapsam_add_sam_account: failed to modify/add user with uid = infobcer$ (dn = uid=infobcer$,ou=machines,dc=corman,dc=be)
[2005/05/27 16:19:10, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2398)
  could not add user/computer infobcer$ to passdb.  Check permissions?

I use root for adding to my PDC; LDAP version: 2.1.25

thanks

-----------------------------------
Stéphane PURNELLE                         stephane.purnelle at corman.be
Service Informatique       Corman S.A.           Tel : 00 32 087/342467

samba-technical-bounces+stephane.purnelle=corman.be at lists.samba.org wrote on 26/05/2005 20:15:05:

> Stéphane,
>
> The book "Samba-3 by Example" is being reprinted very soon. Up to date builds
> of the PDF are available on the Samba web site daily. This document can be
> downloaded from:
>
>    http://www.samba.org/samba/docs/Samba-Guide.pdf
>
> In chapter 5 I have fully documented how Samba-3 can be deployed with LDAP and
> using the smbldap-tools. It works perfectly for me and in many sites that
> have given me feedback that it works. Over the past two months I have
> received and applied about 40 suggestions for improvement. Every report that
> it does not work has been resolved, but given all of this I am 100% certain
> that there are still bugs in there.
>
> I would greatly appreciate if you could test-drive this chapter and report
> back any bugs or problems you come across.
>
> I will personally work with you to resolve any issues that you may find.
>
> Your claim below that there has been no reaction from the Samba Team is wrong.
> A number of us have worked with Jerome Tournier, that has resulted in the
> 0.9.0 release of the smbldap-tools. We do not make a practice of ignoring our
> users. I have been working on updating our documentation also as a result of
> feedback and bug reports. You have never been ignored.
>
> The smbldap-tools should be configured to handle only the POSIX part of LDAP
> based accounts. Samba should handle all the sambaSAM components.
>
> Please review chapter 5 and give me your feedback. I am anxious to fix any
> problem you may have.
>
> Cheers,
> John T.
>
>
> On Thursday 26 May 2005 09:12, spu at corman.be wrote:
> > Ok,
> >
> > I re-read the script and the sambasamaccount is only added with the -i option.
> >
> > My position is:
> >       - I asked about the problem in 2004, I put in a BUG.  For some reason,
> > no reaction from the Samba team for this problem.
> >       - My solution is to modify the smbldap script to add the sambasamaccount
> > and add a machine in two steps; it works (until today)
> >
> > Add these lines after the
> > if (defined($Options{'i'})) {
> >
> > > ...
> > > }
> >
> >  if (defined($Options{'w'})) {
> >     # For machine account
> >     # Objectclass sambaSAMAccount must be added now !
> >
> >     my $date=time;
> >     my $modify = $ldap_master->modify (
> >         "uid=$userName,$config{computersdn}",
> >         changes => [
> >             replace => [objectClass => ['inetOrgPerson', 'posixAccount', 'sambaSAMAccount']],
> >             add => [sambaLogonTime => '0'],
> >             add => [sambaLogoffTime => '2147483647'],
> >             add => [sambaKickoffTime => '2147483647'],
> >             add => [sambaPwdCanChange => '0'],
> >             add => [sambaPwdMustChange => '2147483647'],
> >             add => [sambaPwdLastSet => "$date"],
> >             add => [sambaAcctFlags => '[W          ]'],
> >             add => [sambaSID => "$user_sid"],
> >             add => [sambaPrimaryGroupSID => "$config{SID}-515"]
> >         ]
> >     );
> >
> >     $modify->code && die "failed to add entry: ", $modify->error ;
> >     }
> >
> > Ask me if there is a problem. I cannot add a machine today, but if you can
> > test for me I would appreciate it.
> >
> > thanks
> >
> >
> >       Stéphane Purnelle
> >
> > -----------------------------------
> > Stéphane PURNELLE                         stephane.purnelle at corman.be
> > Service Informatique       Corman S.A.           Tel : 00 32 087/342467
> >
> > samba-technical-bounces+stephane.purnelle=corman.be at lists.samba.org wrote
> > on 26/05/2005 16:57:49:
> > > spu at corman.be wrote:
> > > > I forgot some details.
> > > > The script adds the sambasamaccount.
> > > > Could you send me the smbldap-useradd script to see what version you use?
> > > > Some smbldap scripts do not add the sambasamaccount, because normally Samba
> > > > must add it (and it is this part which doesn't work).
> > > > The last version seems to add the sambasamaccount attributes and the old
> > > > version too.
> > >
> > > Ah! smbldap-useradd in 0.8.7 certainly does not seem to add the
> > > sambasamaccount attributes. I just downloaded the latest 0.9.0 and that
> > > doesn't seem to either. Not with -w, which as I understand it is the way
> > > it should be used. -w just makes the posixaccount and expects samba to
> > > do the rest...
> > >
> > > # MACHINE ACCOUNT
> > > if (defined($Options{'w'}) or defined($Options{'i'})) {
> > >
> > >   #print "About to create machine $userName:\n";
> > >
> > >   if (!add_posix_machine($userName,$userUidNumber,$userGidNumber,$Options{'t'})) {
> > >     die "$0: error while adding posix account\n";
> > >   }
> > >
> > >   if (defined($Options{'i'})) {
> > > ...
> > > }
> > >
> > >   $ldap_master->unbind;
> > >   exit 0;
> > > }
> > >
> > > Should the add machine script set up the samba attributes? It seems a
> > > bit mad. Surely samba should be finding that the user exists but doesn't
> > > have the samba attributes and then it should modify the user? That's
> > > what the code in my original post appears to be trying to do...
> > >
> > > John
>
> --
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
>
> Author:
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.
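
The decision raised in the oldest quoted message of this thread (find that the entry exists without the Samba attributes, then modify it instead of adding it), sketched as an added example; it is not code from Samba or smbldap-tools. `plan_machine_update`, the domain SID and the RID 3001 are hypothetical, and the attribute values follow the snippet quoted above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not Samba or smbldap-tools code.
# plan_machine_update(\@object_classes or undef, \%samba_attrs) returns:
#   ('add',    undef)     no entry exists yet
#   ('none',   undef)     entry already carries sambaSamAccount
#   ('modify', \@changes) POSIX-only entry; @changes is in the
#                         changes => [...] layout of Net::LDAP's modify()
sub plan_machine_update {
    my ($classes, $attrs) = @_;
    return ('add', undef) unless defined $classes;

    # objectClass values compare case-insensitively in LDAP, so
    # 'sambaSAMAccount' and 'sambaSamAccount' are the same class.
    my %have = map { lc($_) => 1 } @$classes;
    return ('none', undef) if $have{sambasamaccount};

    # Add the one missing class instead of replacing the whole
    # objectClass list, so classes already on the entry are kept.
    my @changes = (add => [objectClass => 'sambaSamAccount']);
    push @changes, add => [$_ => $attrs->{$_}] for sort keys %$attrs;
    return ('modify', \@changes);
}

# Constructed sample data: placeholder domain SID and RID 3001.
my $sid   = 'S-1-5-21-1111111111-2222222222-3333333333';
my %attrs = (
    sambaSID             => "$sid-3001",
    sambaPrimaryGroupSID => "$sid-515",
    sambaAcctFlags       => '[W          ]',
    sambaPwdLastSet      => time,
);
my @cases = (
    ['no entry',      undef],
    ['POSIX only',    [qw(top inetOrgPerson posixAccount)]],
    ['already Samba', [qw(top inetOrgPerson posixAccount sambaSAMAccount)]],
);

for my $case (@cases) {
    my ($label, $classes) = @$case;
    my ($op, $changes) = plan_machine_update($classes, \%attrs);
    printf "%-13s -> %s\n", $label, $op;
    next unless $changes;
    for (my $i = 0; $i < @$changes; $i += 2) {
        my ($attr, $value) = @{ $changes->[$i + 1] };
        print "    $changes->[$i] $attr = $value\n";
    }
}
```

The "POSIX only" case is the situation behind the "Already exists" log lines at the top of this message: the entry is present, so the operation has to be a modify.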

