[Samba] Re: Adding machine account to LDAP with pdbedit fails

Arkadiy Chapkis - Arc achapkis at dls.net
Mon Feb 20 20:24:49 GMT 2006


  That is what I thought. Should I submit a bug report for pdbedit?
Another thing I am looking for is help (or a suggestion). The problem is that I already have a userbase in LDAP with
passwords in CRYPT format for logging into UNIX workstations. Is there a way to syncronize these passwords with Samba
hashes? Is there a way to make a Samba password hashes from a cleartext password? The reason for the questions is I am
using a custom script to add a user to LDAP and in there is asks for a password to generate CRYPT string. I would
rather use the entered-once password than to have pdbedit ask for it again (in case I use pdbedit in my script)

  Thanks for all the help,

>>   I am having a problem adding a machine account with pdbedit. My setup is the
>> latest samba (3.0.21b) compiled from
>> source on Solaris 10, SUN's latest JES' Directory Server.
>...
>> The DS error log show this
>> [19/Feb/2006:11:20:21 -0600] - ERROR<5896> - Schema  - conn=-1 op=-1 msgId=-1
>> - User error:  Entry 
>> "uid=baltika$,ou=Computers,dc=dcvast,dc=com", attribute "sambaSID" required by
>> object class "sambaSamAccount" is missing
>
>I'd venture to guess that this is a bug in pdbedit.  The samba schema 
>definitely requires sambaSid for sambaSamAccount objects, and pdbedit 
>clearly isn't specifying that attribute when it adds a machine account.
>
>I know that the smbldap-tools scripts add the posix account without the 
>sambaSamAccount objectclass and values, which smbd adds when the machine 
>joins the domain.  I'm not familiar enough with pdbedit to know whether 
>it should behave like those scripts, or add the sambaSid attribute.  I 
>guess the latter seems more likely.
>


                                      Arc C.
                                      achapkis at dls.net


More information about the samba mailing list