[Samba] Samba PDC With LDAP Backend, Failed to initialise SAM_ACCOUNT for user

zdennis zdennis at mktec.com
Tue Jul 11 20:54:04 GMT 2006


Since I am using an LDAP backend, should I restrict myself from using the smbpasswd and like commands? I can add my machine
account using smbldap-* utilities.

Zach


zdennis wrote:
> I have seen this problem posted several times and the common answer doesn't seem to be doing it for me.
> 
> Here's the error:
> 
> Trying to load: ldapsam_compat:ldap://127.0.0.1/
> Attempting to register passdb backend ldapsam
> Successfully added passdb backend 'ldapsam'
> Attempting to register passdb backend ldapsam_compat
> Successfully added passdb backend 'ldapsam_compat'
> Attempting to register passdb backend NDS_ldapsam
> Successfully added passdb backend 'NDS_ldapsam'
> Attempting to register passdb backend NDS_ldapsam_compat
> Successfully added passdb backend 'NDS_ldapsam_compat'
> Attempting to register passdb backend smbpasswd
> Successfully added passdb backend 'smbpasswd'
> Attempting to register passdb backend tdbsam
> Successfully added passdb backend 'tdbsam'
> Attempting to register passdb backend guest
> Successfully added passdb backend 'guest'
> Attempting to find an passdb backend to match ldapsam_compat:ldap://127.0.0.1/ (ldapsam_compat)
> Found pdb backend ldapsam_compat
> pdb backend ldapsam_compat:ldap://127.0.0.1/ has a valid init
> Attempting to find an passdb backend to match guest (guest)
> Found pdb backend guest
> pdb backend guest has a valid init
> smbldap_search_ext: base => [dc=mktec,dc=com], filter => [(&(uid=Aries$)(objectclass=sambaAccount))], scope => [2]
> The connection to the LDAP server was closed
> smb_ldap_setup_connection: ldap://127.0.0.1/
> smbldap_open_connection: connection opened
> ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as "cn=admin,dc=mktec,dc=com"
> ldap_connect_system: succesful connection to the LDAP server
> Failed to initialise SAM_ACCOUNT for user Aries$. Does this user exist in the UNIX password database ?
> Failed to modify password entry for user Aries$
> ldap_connect_system: LDAP server does support paged results
> The LDAP server is succesfully connected
> ldapsam_getsampwnam: Unable to locate user [Aries$] count=0
> Finding user Aries$
> Trying _Get_Pwnam(), username as lowercase is aries$
> Trying _Get_Pwnam(), username as given is Aries$
> Trying _Get_Pwnam(), username as uppercase is ARIES$
> Checking combinations of 0 uppercase letters in aries$
> Get_Pwnam_internals didn't find user [Aries$]!
> 
> 
> Here is the configuration:
> 
> -----------START CONFIGURATION-------------------
> [global]
> workgroup = mktec.com
> netbios name = MKTEC
> server string = %h server (Samba %v)
> wins support = yes
> dns proxy = yes
> name resolve order = wins lmhosts host bcast
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> security = user
> encrypt passwords = true
> 
> passdb backend = ldapsam_compat:ldap://127.0.0.1/
> obey pam restrictions = no
> invalid users = root
> 
> ldap admin dn = cn=admin,dc=mktec,dc=com
> ldap suffix = dc=mktec,dc=com
> ldap group suffix= ou=Groups
> ldap user suffix = ou=Users
> ldap machine suffix = ou=Users
> ldap idmap suffix = ou=Users
> ldap ssl = no
> 
> passwd program = /usr/sbin/smbldap-passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
> 
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> 
> ldap delete dn = Yes
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> enable privileges = yes
> 
> domain logons = yes
> domain master = yes
> preferred master = yes
> local master = yes
> 
> load printers = no
> socket options = TCP_NODELAY
> 
> [netlogon]
>    comment = Network Logon Service
>    path = /var/lib/samba/netlogon
>    guest ok = yes
>    read only = yes
>    write list
>    writable = no
>    share modes = no
> 
> [profiles]
>    comment = Users profiles
>    path = /var/lib/samba/profiles
>    read only = no
>    guest ok = no
>    browseable = no
>    create mask = 0600
>    directory mask = 0700
> -----------END CONFIGURATION-------------------
> 
> I mapped the ldap machine suffix to ou=Users rather than ou=Computers because of a previous message on the mailing list which
> suggested there was a bug in Samba3. It doesn't seem to work either way, as it results in the exact same error message. My LDAP
> directory is laid out with the basic Users, Computers, Groups organizational units in existence.
> 
> I am running on an Ubuntu Dapper server:
>   samba 3.0.22-1
>   openldap (slapd) 2.2.26-5
> 
> Any input or help is greatly appreciated. Thanks,
> 
> Zach
> 
> 
> 
> 