[Samba] Smbpasswd -m -x not working,
"object class violation" error
Andrés Yacopino
ayacopino at gmail.com
Thu Feb 16 14:43:56 GMT 2006
This time i add values to cn , the object class inetOrgPerson and a value
for sn.
After that i try to delete the machine account and it works.
Apparently it needs this object class as you said.
How can i do to add this class automatically when a add a machine account
using smbpasswd?
Thanks.
Andres.
2006/2/16, Daniel Wilson <daniel.wilson at sunderland.ac.uk>:
>
>
> > I also found that displayName belongs to inetorgperson object class.
> > I try to add this object class to the user but i obtain and object
> > class violation.
> Usually objectclasses have a set of required attributes that must have
> values before you can commit adding the object class. Did you just try
> and add the object class without adding values to the new attributes?
> >
> > I see that a user account(not a machine account) has a lot of object
> > class, the machine account account has only the three classes
> > sambaSamAccount,account,top.
> ok so mayby its trying to delete the attribute displayName from the
> inetorgperson which a machines doesnt have then...?
> > Thanks.
> >
> >
> >
> >
> > 2006/2/16, Andrés Yacopino <ayacopino at gmail.com
> > <mailto:ayacopino at gmail.com>>:
> >
> > I see the attribute displayName(as allowed attribute) in these
> > user object classes:
> >
> > -pabperson
> > -sambasamaccount
> > -smabagroupmapping
> >
> > The user account has only this classes:
> >
> > sambaSamAccount
> > account
> > top
> >
> > Is this wrong?, the attribute could be in some classes at the same
> > time?
> > Thanks,
> > Andres.
> >
> > 2006/2/15, Daniel Wilson < daniel.wilson at sunderland.ac.uk
> > <mailto:daniel.wilson at sunderland.ac.uk>>:
> >
> > What object class is the displayName in and does the user
> > account have
> > that object class ? Im sure you need to have the object class
> > before you
> > can add/remove the attribute assigned to the object classs.
> >
> > Attributes belong to and are grouped in objectclasses.
> >
> > Regards
> >
> > Daniel Wilson
> > Systems Manager
> > Student and Learning Support
> > University of Sunderland
> > Tel: 0191 515 2695
> >
> >
> >
> > Andrés Yacopino wrote:
> >
> > > Thanks for replying Daniel, i execute :grep -il displayName
> > *.ldif
> > >
> > > and i obtain:
> > >
> > > 00core.ldif
> > > 50ns-admin.ldif
> > > 50ns-iabs.ldif
> > > 99samba-schema-netscapeds5.x.ldif
> > > 99user.ldif
> > >
> > > And also see the configuration in the console and i see:
> > >
> > > Standard Attribute(Read Only):
> > >
> > > Name: displayName
> > > OID: 2.16.840.1.113730.3.1.241
> > > Syntax: DirectoryString
> > > Multivalued: not checked
> > >
> > > Do you know what is wrong with this?
> > > Thanks a lot,
> > > Andrés.
> > >
> > > 2006/2/14, Daniel Wilson <daniel.wilson at sunderland.ac.uk
> > <mailto:daniel.wilson at sunderland.ac.uk>
> > > <mailto: daniel.wilson at sunderland.ac.uk
> > <mailto:daniel.wilson at sunderland.ac.uk>>>:
> > >
> > > Im sure this means that its trying to delete the
> > displayName attribute
> > > which is more than likely not in your LDAP schema.
> > >
> > > Look in "<install_dir>/slapd-<hostname>/config/schema/"
> > directory for
> > > your schema
> > >
> > > To see if "displayName" is part of any object classes in
> > your LDAP
> > > schema search the schema files:
> > >
> > > bash# grep -il displayName
> > > <install_dir>/slapd-<hostname>/config/schema/*.ldif
> > >
> > > If its not part of your schema you may want to add this
> > attribute to
> > > your 99user.ldif schema file or add the attribute via the
> > Sun LDAP
> > > console (recommended):
> > >
> > > bash # <install_dir>/startconsole &
> > > Server Group > Directory Server (Open) > Configuration >
> > Schema >
> > > Attributes > Create
> > >
> > > -or-
> > >
> > > you may want to just disable schema checking in your LDAP
> > server :
> > >
> > > bash # <install_dir>/startconsole &
> > > Server Group > Directory Server (Open) > Configuration >
> > Schema
> > > (Disable)
> > >
> > > Regards
> > >
> > > Daniel Wilson
> > > Systems Manager
> > > Student and Learning Support
> > > University of Sunderland
> > > Tel: 0191 515 2695
> > >
> > >
> > >
> > > Andrés Yacopino wrote:
> > >
> > > > Daniel, check the log as you said and i hit this:
> > > >
> > > > [14/Feb/2006:14:19:10 +0300] - ERROR<5897> - Schema -
> > conn=-1 op=-1
> > > > msgId=-1 -
> > > > User error: Entry "uid=aprueba$,ou=computers,o=
> > acasalud.com.ar <http://acasalud.com.ar>
> > > <http://acasalud.com.ar>
> > > > < http://acasalud.com.ar>,dc=acasalud,dc=c
> > > > om,dc=ar", attribute "displayName" is not allowed
> > > >
> > > > What does it means?
> > > >
> > > > Thanks,
> > > > Andrés.
> > > >
> > > >
> > > >
> > > > 2006/2/14, Daniel Wilson <
> > daniel.wilson at sunderland.ac.uk
> > <mailto:daniel.wilson at sunderland.ac.uk>
> > > <mailto:daniel.wilson at sunderland.ac.uk
> > <mailto:daniel.wilson at sunderland.ac.uk>>
> > > > <mailto: daniel.wilson at sunderland.ac.uk
> > <mailto:daniel.wilson at sunderland.ac.uk>
> > > <mailto:daniel.wilson at sunderland.ac.uk
> > <mailto:daniel.wilson at sunderland.ac.uk>>>>:
> > > >
> > > > Have you checkes the Sun LDAP errors.log file for
> the
> > > specific object
> > > > class violation? Usually at
> > > > <install_dir>/slapd-<hostname>/logs/errors.log
> > > >
> > > > Daniel Wilson
> > > > Systems Manager
> > > > Student and Learning Support
> > > > University of Sunderland
> > > > Tel: 0191 515 2695
> > > >
> > > >
> > > >
> > > > Andrés Yacopino wrote:
> > > >
> > > > >I have deployed a samba server with Sun Java Ldap
> > Directory.
> > > > >
> > > > >I sucessfully create users and deleted them when
> > ldap delete
> > > > dn=yes in
> > > > >smb.conf, but when ldap delete dn=no i obtain this
> > error when i
> > > > issue a
> > > > >smbpasswd -m -x command:
> > > > >
> > > > >ldapsam_delete_entry: Could not delete attributes
> for
> > > > >uid=aprueba$,ou=computers,
> > > > >o= acasalud.com.ar <http://acasalud.com.ar> <
> > http://acasalud.com.ar>
> > > > <http://acasalud.com.ar>,dc=acasalud,dc=com,dc=ar,
> > error:
> > > Object
> > > > class violation ()
> > > > >Failed to delete entry for user aprueba$.
> > > > >Failed to modify password entry for user aprueba$
> > > > >
> > > > >My smb.conf is:
> > > > >
> > > > >[global]
> > > > >
> > > > > workgroup = ACASALUDROS
> > > > > server string = Sun Samba Server
> > > > > security = user
> > > > > dos filetimes = yes
> > > > > time offset = -360
> > > > > load printers = yes
> > > > > printcap name = /etc/printcap
> > > > > printing = cups
> > > > > guest account = guest
> > > > > log file = /usr/local/samba/var/log.%m
> > > > > log level = 5
> > > > > max log size = 50
> > > > > null passwords = yes
> > > > > encrypt passwords = yes
> > > > > ldap password sync = yes
> > > > > unix password sync = yes
> > > > > username level = 2
> > > > > password level = 0
> > > > > passwd program = /usr/bin/passwd %u
> > > > > passwd chat = *New* password* %n\n *new*
> > password* %n\n
> > > > *successfully*
> > > > > idmap backend =
> ldapsam:ldap://localhost:389
> > > > > passdb backend =
> ldapsam:ldap://localhost:389
> > > > > ldap admin dn = cn=Directory Manager
> > > > > ldap suffix = o= acasalud.com.ar
> > <http://acasalud.com.ar>
> > > < http://acasalud.com.ar>
> > > > < http://acasalud.com.ar>,dc=acasalud,dc=com,dc=ar
> > > > > ldap user suffix = ou=people
> > > > > ldap group suffix = ou=groups
> > > > > ldap machine suffix = ou=computers
> > > > > ldap idmap suffix = ou=idmap
> > > > > ldap delete dn = no
> > > > > socket options = TCP_NODELAY=0
> > > > > wins server = 10.11.0.2 <http://10.11.0.2>
> > <http://10.11.0.2>
> > > < http://10.11.0.2>
> > > > > dns proxy = no
> > > > >
> > > > >what is wrong?
> > > > >
> > > > >Is that works only when
> > > > >
> > > > > preferred master = yes
> > > > > domain master = yes
> > > > > local master = yes
> > > > > domain logons = yes
> > > > >
> > > > >are yes?
> > > > >Any other ideas?
> > > > >
> > > > >Thanks a lot.
> > > > >
> > > > >
> > > > >--
> > > > >Andrés Yacopino
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Andrés Yacopino
> > >
> > >
> > >
> > >
> > >
> > >
> > > --
> > > Andrés Yacopino
> >
> >
> >
> >
> >
> >
> > --
> > Andrés Yacopino
> >
> >
> >
> >
> > --
> > Andrés Yacopino
>
> --
> Daniel Wilson
> Systems Manager
> Student and Learning Support
> University of Sunderland
> Tel: 0191 515 2695
>
>
--
Andrés Yacopino
More information about the samba
mailing list