[Samba] object class 'sambaSamAccount' requires attribute 'sambaSID'

Priyadarsan Roy priyadarsanroy at gmail.com
Thu Aug 24 10:54:14 GMT 2006


I have set up a Samba PDC with LDAP following the Samba HOWTO. Everything is working 
fine, but when I try to add machine accounts I get errors. The 
error is as follows.

First I did

#smbldap-useradd -w comat67$

This was successful. Then when I do this

oblix:/home# pdbedit -a -m -u comat67$
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=COMAT))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=COMAT))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
ldapsam_add_sam_account: Adding new user
init_ldap_from_sam: Setting entry for user: comat67$
ldapsam_modify_entry: Failed to add user dn= 
uid=comat67$,ou=Computers,dc=comat,dc=com with: Object class violation
        object class 'sambaSamAccount' requires attribute 'sambaSID'
ldapsam_add_sam_account: failed to modify/add user with uid = comat67$ 
(dn = uid=comat67$,ou=Computers,dc=comat,dc=com)
Unable to add machine! (does it already exist?)


Any ideas why this is happening?

My smb.conf

# Samba PDC configuration: domain logons for workgroup COMAT, with accounts
# and idmap data stored in a local OpenLDAP server via the ldapsam backend.
[global]
        unix charset = LOCALE
        workgroup = COMAT
        netbios name = COMAT-PDC
        interfaces = 192.168.100.203
        bind interfaces only = Yes
        # Plain ldap:// (no TLS). The target is loopback, so bind credentials
        # and password hashes stay on this host. If the directory is ever
        # moved off-host, switch to ldaps:// or set "ldap ssl = start tls".
        passdb backend = ldapsam:ldap://127.0.0.1
        enable privileges = Yes
        username map = /etc/samba/smbusers
        log level = 3
        syslog = 0
        log file = /var/log/samba/%m
        max log size = 50
        smb ports = 139
        name resolve order = wins bcast hosts
        time server = Yes
        add user script = /usr/local/sbin/smbldap-useradd -m "%u"
        # NOTE(review): every script path from here down to "add machine
        # script" lacks the leading "/" that "add user script" has, so each
        # is a relative path. Presumably a typo; an absolute path also avoids
        # running whatever "usr/local/sbin/..." resolves to from smbd's
        # working directory.
        delete user script = usr/local/sbin/smbldap-userdel "%u"
        add group script = usr/local/sbin/smbldap-groupadd -p "%g"
        delete group script = usr/local/sbin/smbldap-groupdel "%g"
        add user to group script = usr/local/sbin/smbldap-groupmod -m 
"%u" "%g"
        delete user from group script = usr/local/sbin/smbldap-groupmod 
-x "%u" "%g"
        set primary group script = usr/local/sbin/smbldap-usermod -g 
"%g" "%u"
        add machine script = usr/local/sbin/smbldap-useradd -w "%u"
        logon script = scripts\logon.bat
        logon path = \\%L\profiles\%U
        logon drive = X:
        domain logons = Yes
        preferred master = Yes
        wins support = Yes
        # This is the same DN as "rootdn" in the slapd.conf below. The rootdn
        # is not subject to slapd's access rules, so Samba holds unrestricted
        # directory access. A dedicated DN granted write access only to the
        # Samba subtrees would narrow that.
        ldap admin dn = cn=admin,dc=comat,dc=com
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Computers
        ldap suffix = dc=comat,dc=com
        ldap user suffix = ou=People
        idmap backend = ldap:ldap://127.0.0.1
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        map acl inherit = Yes

# Per-user home shares; "valid users = %S" limits each share to the user
# whose name matches the share name.
[homes]
        comment = Home Directories
        valid users = %S
        read only = No
        browseable = No

# Logon-script share. "guest ok = Yes" allows access without a password;
# "read only" is not set in this section, so Samba's default applies.
[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        guest ok = Yes
        locking = No

# Roaming-profile share, writable by connecting users.
[profiles]
        comment = Profile Share
        path = /var/lib/samba/profiles
        read only = No
        profile acls = Yes


My slapd.conf

# slapd configuration for the dc=comat,dc=com directory that backs Samba.
# samba.schema supplies the sambaSamAccount object class named in the error.
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/samba.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
modulepath      /usr/lib/ldap
moduleload      back_bdb


# Access rules are evaluated in order: the first "access to" clause that
# matches the target applies, and within it the first matching "by" clause.
# dn.base="" is the root DSE.
access to dn.base=""
                by dn="cn=admin,dc=comat,dc=com" write
                by self write
                by * auth

# Password attributes: writable by admin and by the entry itself, usable
# only for authentication by everyone else. sambaLMPassword and
# sambaNTPassword are password-equivalent hashes, so this rule must stay
# above the catch-all "access to *" rule.
access to attr=userPassword,sambaLMPassword,sambaNTPassword
                by dn="cn=admin,dc=comat,dc=com" write
                by self write
                by * auth

access to attr=shadowLastChange
                by dn="cn=admin,dc=comat,dc=com" write
                by self write
                by * read

# Catch-all: every attribute not matched above is readable by anyone,
# including unauthenticated clients. "by * read" matches first, so the
# "by anonymous auth" line after it is never reached.
access to *
                by dn="cn=admin,dc=comat,dc=com" write
                by * read
                by anonymous auth

#loglevel       256

# With schema checking on, slapd rejects entries that lack an attribute
# their object class requires. This is consistent with the "requires
# attribute 'sambaSID'" rejection shown above. Leave it on; the fix belongs
# in the entry being added.
schemacheck     on
idletimeout     30
backend         bdb
database        bdb
checkpoint      1024 5
cachesize       10000

suffix          "dc=comat,dc=com"
rootdn          "cn=admin,dc=comat,dc=com"
# Value is masked in this post. slapd accepts a hashed value here (e.g. the
# {SSHA} output of slappasswd), which avoids keeping the cleartext in this file.
rootpw          "********"

directory       /var/lib/ldap

index objectClass           eq
index cn                    pres,sub,eq
index sn                    pres,sub,eq
index uid                   pres,sub,eq
index displayName           pres,sub,eq
index uidNumber             eq
index gidNumber             eq
index memberUID             eq
index sambaSID              eq
index sambaPrimaryGroupSID  eq
index sambaDomainName       eq
index default               sub

The OS is sarge and the Samba packages are the default ones.

Any help would be greatly appreciated.

Thanks,
PD

