[Samba] Adding machine account to LDAP with pdbedit fails

Arc C. achapkis at dls.net
Sun Feb 19 17:56:53 GMT 2006 

  Hello everyone,

  I am having a problem adding a machine account with pdbedit. My setup is the
latest samba (3.0.21b) compiled from
source on Solaris 10, SUN's latest JES' Directory Server. I am in a beginning
stage of setting up this environment, so
I may not have done something right. I was following the Samba PDC LDAP howto
by Ignacio Coupeau
(http://www.unav.es/cti/ldap-smb/ldap-smb-3-howto.html), a link to which is
being provided on the official Samba howto
page. I've attached the output of following command:
# date;pdbedit -a -m -u baltika -d10

The DS error log show this
[19/Feb/2006:11:20:21 -0600] - ERROR<5896> - Schema  - conn=-1 op=-1 msgId=-1
- User error:  Entry 
"uid=baltika$,ou=Computers,dc=dcvast,dc=com", attribute "sambaSID" required by
object class "sambaSamAccount" is missing

  I saw an earlier posting with the same type of error but no resolution yet.
Is this a problem with my setup? Is this a general bug with pdbedit/LDAP
server/something else?

  Thanks,

Arc C.
achapkis at dls.net
-------------- next part --------------
Sun Feb 19 11:20:21 CST 2006
INFO: Current debug levels:
  all: True/10
  tdb: False/0
  printdrivers: False/0
  lanman: False/0
  smb: False/0
  rpc_parse: False/0
  rpc_srv: False/0
  rpc_cli: False/0
  passdb: False/0
  sam: False/0
  auth: False/0
  winbind: False/0
  vfs: False/0
  idmap: False/0
  quota: False/0
  acls: False/0
  locking: False/0
  msdfs: False/0
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = DCVAST_NT
doing parameter netbios name = STROHS
handle_netbios_name: set global_myname to: STROHS
doing parameter local master = yes
doing parameter passdb backend = ldapsam:ldap://localhost
doing parameter security = user
doing parameter os level = 33
doing parameter preferred master = auto
doing parameter enable privileges = Yes
doing parameter hosts allow = 10.10.
doing parameter username map = /etc/samba/smbusers
doing parameter log level = 5
doing parameter syslog = 0
doing parameter log file = /var/adm/samba/%m
doing parameter max log size = 50
doing parameter name resolve order = wins bcast hosts
doing parameter time server = Yes
doing parameter show add printer wizard = No
doing parameter logon path = \\%L\profiles\%U
doing parameter logon drive = H:
doing parameter logon home = \\baltika\%U\winprofile
doing parameter domain logons = Yes
doing parameter domain master = Yes
doing parameter wins support = Yes
doing parameter ldap suffix = dc=dcvast,dc=com
doing parameter ldap machine suffix = ou=Computers
doing parameter ldap user suffix = ou=People
doing parameter ldap group suffix = ou=Group
doing parameter ldap idmap suffix = ou=Idmap
doing parameter ldap admin dn = cn=Directory Manager
doing parameter ldap passwd sync = yes
doing parameter ldap delete dn = no
doing parameter idmap backend = ldap:ldap://localhost
doing parameter idmap uid = 10000-20000
doing parameter idmap gid = 10000-20000
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter winbind use default domain = yes
doing parameter map acl inherit = Yes
doing parameter printing = lpd
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_PDC
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF-16LE
Registered charset UTF-16LE
Attempting to register new charset UCS-2BE
Registered charset UCS-2BE
Attempting to register new charset UTF-16BE
Registered charset UTF-16BE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Substituting charset '646' for LOCALE
Trying to load: ldapsam:ldap://localhost
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://localhost (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DCVAST_NT))]
smbldap_search_ext: base => [dc=dcvast,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=DCVAST_NT))], scope => [2]
The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap://localhost
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Directory Manager"
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does not support paged results
The LDAP server is succesfully connected
pdb backend ldapsam:ldap://localhost has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
Netbios name list:-
my_netbios_names[0]="STROHS"
Trying to load: ldapsam:ldap://localhost
Attempting to find an passdb backend to match ldapsam:ldap://localhost (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DCVAST_NT))]
smbldap_search_ext: base => [dc=dcvast,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=DCVAST_NT))], scope => [2]
The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap://localhost
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Directory Manager"
ldap_connect_system: succesful connection to the LDAP server
ldap_connect_system: LDAP server does not support paged results
The LDAP server is succesfully connected
pdb backend ldapsam:ldap://localhost has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
grant_privilege: S-1-1-0
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-544
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-548
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-549
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-550
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
grant_privilege: S-1-5-32-551
original privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
new privilege mask:
SE_PRIV  0x0 0x0 0x0 0x0
account_policy_get: name: maximum password age, val: -1
account_policy_get: name: minimum password age, val: 0
account_policy_get: name: password history, val: 0
pdb_set_username: setting username baltika$, was 
pdb_set_group_sid: setting group sid S-1-5-21-1396024627-659649020-1213447526-515
pdb_set_group_sid_from_rid:
	setting group sid S-1-5-21-1396024627-659649020-1213447526-515 from rid 515
smbldap_search_ext: base => [dc=dcvast,dc=com], filter => [(&(uid=baltika$)(objectclass=sambaSamAccount))], scope => [2]
smbldap_search_ext: base => [dc=dcvast,dc=com], filter => [(uid=baltika$)], scope => [2]
smbldap_search_ext: base => [dc=dcvast,dc=com], filter => [(&(sambaSID=S-0-0)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))], scope => [2]
ldapsam_add_sam_account: Adding new user
smbldap_make_mod: adding attribute |uid| value |baltika$|
init_ldap_from_sam: Setting entry for user: baltika$
smbldap_make_mod: adding attribute |sambaPrimaryGroupSID| value |S-1-5-21-1396024627-659649020-1213447526-515|
smbldap_make_mod: adding attribute |sambaPwdCanChange| value |1140369621|
smbldap_make_mod: adding attribute |sambaPwdMustChange| value |2147483647|
smbldap_make_mod: adding attribute |sambaLMPassword| value |77D4B81312FC26E7AAD3B435B51404EE|
smbldap_make_mod: adding attribute |sambaNTPassword| value |8A5AE4B7198BDF08D005F4BD32DD0B04|
account_policy_get: name: password history, val: 0
smbldap_make_mod: adding attribute |sambaPasswordHistory| value |0000000000000000000000000000000000000000000000000000000000000000|
smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1140369621|
smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W          ]|
smbldap_add: dn => [uid=baltika$,ou=Computers,dc=dcvast,dc=com]
ldapsam_modify_entry: Failed to add user dn= uid=baltika$,ou=Computers,dc=dcvast,dc=com with: Object class violation
	
ldapsam_add_sam_account: failed to modify/add user with uid = baltika$ (dn = uid=baltika$,ou=Computers,dc=dcvast,dc=com)
Unable to add machine! (does it already exist?)

More information about the samba mailing list