[Samba] strange error 1937

Denis Vlasenko vda at ilport.com.ua
Fri Sep 23 13:05:31 GMT 2005 

On Thursday 22 September 2005 11:44, Mario Gzuk wrote:
> Hi,
> After configuring and populating I try to add the accounts from a NT4
> domain.
> The "net rpc samdump -S SERVERNAME" works as expected.
> I can see the Password hashes and all computers and users.
> After that I try to NET VAMPIRE.....
> The groups were added fine but for each computer and user account I get
> this error:
> 
> ...passdb/pdb_ldap.c:ldapsam_add_sam_account(1937)
> ldapsam_add_sam_account: failed to modify/add user with uid = .....
> 
> the normal smbldap-useradd works also as expected. I try all findable
> documentation and searched for this error but found nothing. I try it
> with samba 3.0.13 and 3.0.14 / smbldap-tools 0.9.0 and 0.9.1 with the
> same result....
> 
> 
> ---SNIP---------------------------------------------------------------------------------
> The ldap log tell me:
> .... conn=2 op=94 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=user2))"
> .... conn=2 op=94 SRCH attr=uid userPassword uidNumber gidNumber cn
> homeDirectory loginShell gecos description objectClass
> .... conn=2 op=94 SEARCH RESULT tag=101 err=0 nentries=1 text=
> .... conn=1 op=186 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount))"
> .... conn=1 op=186 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
> .... conn=1 op=186 SEARCH RESULT tag=101 err=0 nentries=0 text=
> .... conn=1 op=187 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(&(objectClass=sambaSamAccount)(uid=user2))(objectClass=sambaSamAccount))"
> .... conn=1 op=187 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours
> .... conn=1 op=187 SEARCH RESULT tag=101 err=0 nentries=0 text=
> .... conn=1 op=188 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount))"
> .... conn=1 op=188 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
> .... conn=1 op=188 SEARCH RESULT tag=101 err=0 nentries=0 text=
> .... conn=1 op=189 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(objectClass=sambaSamAccount)(uid=user2))"
> .... conn=1 op=189 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours
> .... conn=1 op=189 SEARCH RESULT tag=101 err=0 nentries=0 text=
> .... conn=1 op=190 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))"
> .... conn=1 op=190 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours
> .... conn=1 op=190 SEARCH RESULT tag=101 err=0 nentries=0 text=
> .... conn=1 op=191 ADD dn="uid=user2,dc=example,dc=com"
> .... conn=1 op=191 RESULT tag=105 err=68 text=èV^W^H^X^V.A
> \204î,@^P3^W^HDx,@Øÿÿÿ\234^[.A\210x8 at 0L^I^H\210x8@^H^V.A at x8@^HY^W^H^C
> --SNAP-------------------------------------------------------------------
> 
> This is the add user script:
> add user script = smbldap-useradd "%u"

Try to isolate it first to failing invocation of smldap-useradd <something>

add user script = debug_script "%u"

wher debug_script is something like this:

#!/bin/sh
env >/tmp/useradd.env
strace -o /tmp/useradd.strace smbldap-useradd "%u" 1>/tmp/useradd.1 2>/tmp/useradd.2

Then you will be adle to experiment with failing command
without need to do full "net vampire" run.
--
vda

More information about the samba mailing list