[Samba] smbldap-useradd.pl -a -w '%m' questions

Tony Austin nsswitch at gigaday.com
Wed Nov 23 11:28:47 GMT 2005 

I am still trying to troubleshoot my problem of not being able to join
computers to the domain.

I have found this comment by John Terpstra:-

>Newsgroups: linux.samba
>From: John H Terpstra <j... at samba.org> - Find messages by this author
>Date: Wed, 14 Jan 2004 00:00:17 +0100

>Curtis,

>Do not set the UID of Administrator to 0, it will break winbind use.
>Instead, use the account root in LDAP, set UID=0, GID=0, RID=500

>With these setting winbind should be happy.

>Also, add the '-a' option where appropriate, so you create in LDAP both
>Posix and SambaSamAccounts. You must create both entries in one operation.

>- John T.

Two questions:-

1.  Am I right to have the following line in smb.conf?

add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -a -w '%m'

Samba by Example omits the -a and has '%u'.  (Example 6.4)

2.  Samba by Example 6.3.5.10 recommends setting uid=0 for the
Administrator account:-

./smbldap-usermod.pl -u 0 Adminstrator

which contradicts John's advice above.

Could uid=0 be causing my problem?  What uid should Administrator have?

Back to the problem of not being able to join the domain ...

John says that -a and -w must be used together so that both entries are
created in one operation, however, even having done this, I see the
following in slapd.log:-

Nov 23 10:46:22 linux-server slapd[20034]: conn=3686 op=1 ADD
dn="UID=GARYB-1000$,OU=PEOPLE,DC=COMMTECHGROUP,DC=CO.UK"
Nov 23 10:46:23 linux-server slapd[20034]: conn=3686 op=1 RESULT tag=105
err=0 text=
Nov 23 10:46:23 linux-server slapd[20034]: conn=3686 op=2 UNBIND
Nov 23 10:46:23 linux-server slapd[20034]: conn=-1 fd=43 closed
Nov 23 10:46:23 linux-server slapd[20034]: conn=-1 fd=42 closed
Nov 23 10:46:23 linux-server slapd[20034]: conn=-1 fd=41 closed
Nov 23 10:46:23 linux-server slapd[20034]: conn=3682 op=5 SRCH
base="ou=People,dc=commtechgroup,dc=co.uk" scope=1
filter="(&(objectClass=posixAccount)(uid=garyb-1000$))"
Nov 23 10:46:23 linux-server slapd[20034]: conn=3682 op=5 SEARCH RESULT
tag=101 err=0 text=
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=12 SRCH
base="ou=Groups,dc=commtechgroup,dc=co.uk" scope=2
filter="(&(objectClass=sambaGroupMapping)(gidNumber=553))"
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=12 SEARCH RESULT
tag=101 err=0 text=
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=13 SRCH
base="dc=commtechgroup,dc=co.uk" scope=2
filter="(&(&(uid=garyb-1000$)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))"
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=13 SEARCH RESULT
tag=101 err=0 text=
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=14 SRCH
base="dc=commtechgroup,dc=co.uk" scope=2
filter="(&(sambaSID=S-1-5-21-1504740027-1884281049-541626052-3100)(objectClass=sambaSamAccount))"
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=14 SEARCH RESULT
tag=101 err=0 text=
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=15 SRCH
base="dc=commtechgroup,dc=co.uk" scope=2
filter="(&(uid=garyb-1000$)(objectClass=sambaSamAccount))"
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=15 SEARCH RESULT
tag=101 err=0 text=
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=16 SRCH
base="dc=commtechgroup,dc=co.uk" scope=2
filter="(&(sambaSID=S-1-5-21-1504740027-1884281049-541626052-3100)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))"
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=16 SEARCH RESULT
tag=101 err=0 text=
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=17 ADD
dn="UID=GARYB-1000$,OU=PEOPLE,DC=COMMTECHGROUP,DC=CO.UK"
Nov 23 10:46:23 linux-server slapd[20034]: conn=3681 op=17 RESULT tag=105
err=68 text=
Nov 23 10:46:23 linux-server slapd[20034]: conn=-1 fd=39 closed
Nov 23 10:46:23 linux-server slapd[20034]: conn=-1 fd=40 closed
Nov 23 10:46:27 linux-server slapd[20034]: conn=3659 op=86 SRCH
base="ou=People,dc=commtechgroup,dc=co.uk" scope=1
filter="(&(objectClass=posixAccount)(uidNumber=1034))"
Nov 23 10:46:27 linux-server slapd[20034]: conn=3659 op=86 SEARCH RESULT
tag=101 err=0 text=
Nov 23 10:46:27 linux-server slapd[20034]: conn=3659 op=87 SRCH
base="ou=People,dc=commtechgroup,dc=co.uk" scope=1
filter="(&(objectClass=posixAccount)(uidNumber=1034))"

which looks like it's doing 2 ADDs for UID=GARYB-1000$ and the second one
fails with tag=105 err=68, which I have found from another source to mean
"attempt to add duplicate object".

Can anyone throw any light on what's going on here and how I should
proceed, please?  Some help would be greatly appreciated.


Tony

More information about the samba mailing list