[Samba] smbldap-adduser problems

fonteneau fonteneau at dynetcom.fr
Thu Feb 23 16:20:26 GMT 2006


Hi,

Using the IDEALX scripts (smbldap-tools-0.9.2), this is what I've found.

In my smb.conf file I've put these lines:
        add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
        delete user script = /usr/local/sbin/smbldap-userdel "%u"
        add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/local/sbin/smbldap-groupadd -p "%g"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"

Then using smbldap-populate -> good, net rpc join -> good, and net rpc
vampire (with debug -d 3) -> not good.
The debug output looks like:

    Creating account: vincent-admin
    [2006/02/22 17:26:06, 1] utils/net_rpc_samsync.c:fetch_account_info(534)
      fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m "vincent-admin"' gave 0
    [2006/02/22 17:26:06, 3] utils/net_rpc_samsync.c:fetch_account_info(548)
      Attempting to find SID S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb
    [2006/02/22 17:26:06, 3] utils/net_rpc_samsync.c:fetch_account_info(552)
      Attempting to add user SID S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb
    [2006/02/22 17:26:06, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1980)
      ldapsam_add_sam_account: User 'vincent-admin' already in the base, with samba attributes
    [2006/02/22 17:26:06, 1] utils/net_rpc_samsync.c:fetch_account_info(555)
      SAM Account for vincent-admin failed to be added to the passdb!

This means that during the vampire procedure the user vincent-admin was
created as a samba profile with SID = 2*RID +1000 (idealx script) in
openldap, then receiving the SID from the NT4 server but can't create the
same user with this SID because the user already exists. The problem comes
at the end of the vampire procedure when trying to associate Windows NT4
groups on samba with the wrong SID: 1047 for the Windows SID and 3020 for
the samba first profile created.

When removing the -a option in the add user script line, the profile is
created correctly with the good SID during account migration, and
everything seems to be good.
AND NOT grrrrr. Of course the SIDs are good, but by removing the -a option
my account is not created with sambaHomePath, sambaHomeDrive, and many
other samba account parameters.

    Creating account: vincent-admin
    [2006/02/23 11:13:00, 1] utils/net_rpc_samsync.c:fetch_account_info(534)
      fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -m "vincent-admin"' gave 0
    [2006/02/23 11:13:00, 3] utils/net_rpc_samsync.c:fetch_account_info(548)
      Attempting to find SID S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb
    [2006/02/23 11:13:00, 3] utils/net_rpc_samsync.c:fetch_account_info(552)
      Attempting to add user SID S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb
    [2006/02/23 11:13:00, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(2031)
      ldapsam_add_sam_account: User exists without samba attributes: adding them
    [2006/02/23 11:13:00, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1064)
      init_ldap_from_sam: Setting entry for user: vincent-admin
    [2006/02/23 11:13:00, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(2141)
      ldapsam_add_sam_account: added: uid == vincent-admin in the LDAP database
    [2006/02/23 11:13:00, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199)
      init_group_from_ldap: Entry found for group: 513


I'm trying to find how to fix this bug, if it is one, or is there
something wrong I've done during the configuration?
I'm using samba 3.0.21b, openldap-2.2.13-4 on Red Hat Enterprise Linux
4 ES. Windows NT4 French server.

Thanks, Vincent
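
Added example (not part of the original post, and not Samba or smbldap-tools code): a small Python parser for `net rpc vampire` debug output that reports, per migrated account, which add-user script ran and whether the RID sent by the PDC was stored in the passdb. The sample log is constructed from the lines quoted in the post; the function and field names are hypothetical.

```python
import re

# Constructed sample: both runs quoted in the post, with line wrapping
# left in place the way a mail archive stores it.
SAMPLE_LOG = """\
Creating account: vincent-admin
[2006/02/22 17:26:06, 1] utils/net_rpc_samsync.c:fetch_account_info(534)
  fetch_account: Running the command
`/usr/local/sbin/smbldap-useradd -a -m "vincent-admin"' gave 0
[2006/02/22 17:26:06, 3] utils/net_rpc_samsync.c:fetch_account_info(552)
  Attempting to add user SID
S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb
[2006/02/22 17:26:06, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1980)
  ldapsam_add_sam_account: User 'vincent-admin' already in the base, with samba attributes
[2006/02/22 17:26:06, 1] utils/net_rpc_samsync.c:fetch_account_info(555)
  SAM Account for vincent-admin failed to be added to the passdb!
Creating account: vincent-admin
[2006/02/23 11:13:00, 1] utils/net_rpc_samsync.c:fetch_account_info(534)
  fetch_account: Running the command
`/usr/local/sbin/smbldap-useradd -m "vincent-admin"' gave 0
[2006/02/23 11:13:00, 3] utils/net_rpc_samsync.c:fetch_account_info(552)
  Attempting to add user SID
S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb
[2006/02/23 11:13:00, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(2141)
  ldapsam_add_sam_account: added: uid == vincent-admin in the LDAP database
"""

CMD = re.compile(r"Running the command `(.+?)' gave (-?\d+)")
SID = re.compile(r"Attempting to add user SID (S-[\d-]+) for user (\S+)")

def audit(log):
    """Return one dict per 'Creating account:' block in a vampire debug log."""
    flat = " ".join(log.split())  # undo line wrapping before matching
    results = []
    for block in flat.split("Creating account: ")[1:]:
        cmd, sid = CMD.search(block), SID.search(block)
        results.append({
            "user": block.split(" ", 1)[0],
            "script": cmd.group(1) if cmd else None,
            "rid": int(sid.group(1).rsplit("-", 1)[1]) if sid else None,
            "stored": "failed to be added to the passdb" not in block,
        })
    return results

if __name__ == "__main__":
    for r in audit(SAMPLE_LOG):
        state = "stored" if r["stored"] else "REJECTED (entry keeps the script's SID)"
        print(f'{r["user"]}: PDC RID {r["rid"]} {state}; script: {r["script"]}')
```

Accounts reported as rejected are the ones whose LDAP entry still carries the SID assigned by the add-user script, so their group mappings should be checked after the migration.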

