[Samba] Re: Adding machine account to LDAP with pdbedit fails
Arkadiy Chapkis - Arc
achapkis at dls.net
Mon Feb 20 20:24:49 GMT 2006
That is what I thought. Should I submit a bug report for pdbedit?
Another thing I am looking for is help (or a suggestion). The problem is that I already have a userbase in LDAP with
passwords in CRYPT format for logging into UNIX workstations. Is there a way to syncronize these passwords with Samba
hashes? Is there a way to make a Samba password hashes from a cleartext password? The reason for the questions is I am
using a custom script to add a user to LDAP and in there is asks for a password to generate CRYPT string. I would
rather use the entered-once password than to have pdbedit ask for it again (in case I use pdbedit in my script)
Thanks for all the help,
>> I am having a problem adding a machine account with pdbedit. My setup is the
>> latest samba (3.0.21b) compiled from
>> source on Solaris 10, SUN's latest JES' Directory Server.
>...
>> The DS error log show this
>> [19/Feb/2006:11:20:21 -0600] - ERROR<5896> - Schema - conn=-1 op=-1 msgId=-1
>> - User error: Entry
>> "uid=baltika$,ou=Computers,dc=dcvast,dc=com", attribute "sambaSID" required by
>> object class "sambaSamAccount" is missing
>
>I'd venture to guess that this is a bug in pdbedit. The samba schema
>definitely requires sambaSid for sambaSamAccount objects, and pdbedit
>clearly isn't specifying that attribute when it adds a machine account.
>
>I know that the smbldap-tools scripts add the posix account without the
>sambaSamAccount objectclass and values, which smbd adds when the machine
>joins the domain. I'm not familiar enough with pdbedit to know whether
>it should behave like those scripts, or add the sambaSid attribute. I
>guess the latter seems more likely.
>
Arc C.
achapkis at dls.net
More information about the samba
mailing list