[Samba] smbldap-adduser problems
fonteneau
fonteneau at dynetcom.fr
Thu Feb 23 16:20:26 GMT 2006
Hi,
Using the IDEALX scripts (smbldap-tools-0.9.2), this is what I've found.
In my smb.conf file I've put these lines:
add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
Then using smbldap-populate -> good, net rpc join -> good, and the net rpc
vampire command, with debug -d 3 (net rpc vampire) -> not good.
The debug looks like:
Creating account: vincent-admin
[2006/02/22 17:26:06, 1] utils/net_rpc_samsync.c:fetch_account_info(534)
  fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m "vincent-admin"' gave 0
[2006/02/22 17:26:06, 3] utils/net_rpc_samsync.c:fetch_account_info(548)
  Attempting to find SID S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb
[2006/02/22 17:26:06, 3] utils/net_rpc_samsync.c:fetch_account_info(552)
  Attempting to add user SID S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb
[2006/02/22 17:26:06, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1980)
  ldapsam_add_sam_account: User 'vincent-admin' already in the base, with samba attributes
[2006/02/22 17:26:06, 1] utils/net_rpc_samsync.c:fetch_account_info(555)
  SAM Account for vincent-admin failed to be added to the passdb!
This means that during the vampire procedure the user vincent-admin was
created as a samba profile with SID = 2*RID +1000 (idealx script) in
openldap. Then, on receiving the SID from the NT4 server, it can't create
the same user with this SID because the user already exists. The problem
comes at the end of the vampire procedure when trying to associate Windows
NT4 groups on samba with the wrong SID: 1047 for the Windows SID and 3020
for the first samba profile created.
When removing the -a option in the add user script line, the profile is
created correctly with the good SID during account migration, and
everything seems to be good.
AND NOT grrrrr. Of course the SIDs are good, but by removing the -a option
my account is not created with sambaHomePath, sambaHomeDrive, and many
other samba account parameters.
Creating account: vincent-admin
[2006/02/23 11:13:00, 1] utils/net_rpc_samsync.c:fetch_account_info(534)
  fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -m "vincent-admin"' gave 0
[2006/02/23 11:13:00, 3] utils/net_rpc_samsync.c:fetch_account_info(548)
  Attempting to find SID S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb
[2006/02/23 11:13:00, 3] utils/net_rpc_samsync.c:fetch_account_info(552)
  Attempting to add user SID S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb
[2006/02/23 11:13:00, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(2031)
  ldapsam_add_sam_account: User exists without samba attributes: adding them
[2006/02/23 11:13:00, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1064)
  init_ldap_from_sam: Setting entry for user: vincent-admin
[2006/02/23 11:13:00, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(2141)
  ldapsam_add_sam_account: added: uid == vincent-admin in the LDAP database
[2006/02/23 11:13:00, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199)
  init_group_from_ldap: Entry found for group: 513
I'm trying to find how to fix this bug, if it is one, or is there
something wrong I've done during the configuration?
I'm using samba 3.0.21b, openldap-2.2.13-4 on a Red Hat Enterprise Linux
4 ES. Windows NT4 French server.
Thanks, Vincent
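
Added example, not part of the original post and not Samba or smbldap-tools code: a small Python check over `net rpc vampire` debug output that reports, per account, whether the NT4 SID was written to the passdb or was rejected because the add user script had already created Samba attributes. The sample log is constructed from the lines quoted in the post (header lines dropped, wrapped lines rejoined); the function names are hypothetical.

```python
import re

# Constructed sample: the two runs quoted in the post, headers dropped, wraps rejoined.
SAMPLE_LOG = """\
Creating account: vincent-admin
  fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m "vincent-admin"' gave 0
  Attempting to add user SID S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb
  ldapsam_add_sam_account: User 'vincent-admin' already in the base, with samba attributes
  SAM Account for vincent-admin failed to be added to the passdb!
Creating account: vincent-admin
  fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -m "vincent-admin"' gave 0
  Attempting to add user SID S-1-5-21-1694593686-2069964415-1230779191-1046 for user vincent-admin in the passdb
  ldapsam_add_sam_account: added: uid == vincent-admin in the LDAP database
"""

CREATE = re.compile(r"^Creating account: (\S+)")
CMD = re.compile(r"Running the command `(.+)' gave (\d+)")
SID = re.compile(r"Attempting to add user SID (S-[\d-]+) for user")
FAILED = re.compile(r"SAM Account for (\S+) failed to be added to the passdb")
ADDED = re.compile(r"ldapsam_add_sam_account: added: uid == (\S+)")

def audit(log_text):
    """Return one record per 'Creating account' block, in log order."""
    records, cur = [], None
    for line in log_text.splitlines():
        if m := CREATE.search(line):
            cur = {"user": m.group(1), "command": None, "rid": None, "status": "unknown"}
            records.append(cur)
        elif cur is None:
            continue  # ignore output before the first account block
        elif m := CMD.search(line):
            cur["command"] = m.group(1)  # the add user script as actually run
        elif m := SID.search(line):
            cur["rid"] = int(m.group(1).rsplit("-", 1)[1])  # RID sent by the NT4 PDC
        elif FAILED.search(line):
            cur["status"] = "sid-not-applied"  # account keeps the script-assigned SID
        elif ADDED.search(line):
            cur["status"] = "sid-applied"
    return records

def needs_review(records):
    """Accounts whose NT4 SID did not reach the passdb; group mappings may not match."""
    return [r for r in records if r["status"] != "sid-applied"]

if __name__ == "__main__":
    for rec in audit(SAMPLE_LOG):
        print(rec)
```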