[Samba] smbpasswd and machine accounts
Eric A. Hall
ehall at ehsco.com
Wed Jan 31 15:46:51 GMT 2007
I'm using samba-3.0.23d-19 on openSUSE 10.2 with an LDAP PDC arrangement.

I'm trying to sort out some problems with adding a trust relationship.
Specifically, smbpasswd is failing when I try to create/modify the domain
account. Further investigation shows that it is also failing to modify
workstation accounts. However it is able to modify user accounts fine. The
big difference here seems to be the ordering:

Here is the debug level 4 output for trying to modify machine "PC-1":

[ root# ] smbpasswd -D4 -m PC-1
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=LABS))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesfully connected
init_sam_from_ldap: Entry found for user: pc-1$
init_group_from_ldap: Entry found for group: 515
ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-284210356-3264030311-3336521042-515] count=0
init_group_from_ldap: Entry found for group: 515
ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-284210356-3264030311-3336521042-515] count=0
init_group_from_ldap: Entry found for group: 515
store_gid_sid_cache: gid 515 in cache ->
S-1-5-21-284210356-3264030311-3336521042-515
Failed to set password for user PC-1$.
Failed to modify password entry for user PC-1$

Here is the output for modifying user account "jbleau":

[ root# ] smbpasswd -D4 jbleau
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=LABS))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesfully connected
New SMB password:
Retype new SMB password:
init_sam_from_ldap: Entry found for user: jbleau
init_group_from_ldap: Entry found for group: 513
ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-284210356-3264030311-3336521042-513] count=0
init_group_from_ldap: Entry found for group: 513
ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-284210356-3264030311-3336521042-513] count=0
init_group_from_ldap: Entry found for group: 513
store_gid_sid_cache: gid 513 in cache ->
S-1-5-21-284210356-3264030311-3336521042-513
ldapsam_update_sam_account: user jbleau to be modified has dn:
uid=jbleau,ou=Users,dc=labs,dc=ntrg,dc=com
init_ldap_from_sam: Setting entry for user: jbleau
ldapsam_modify_entry: LDAP Password changed for user jbleau
ldapsam_update_sam_account: successfully modified uid = jbleau in the LDAP
database

Note that smbpasswd prompted for the user password before trying to search
(perhaps this is bind-related). Also note that neither the workstation nor
user modification routines claimed to be able to locate the associated SID
(judging from LDAP traces, the search appears to be malformed), but that
did not have any effect on the outcome of the user operation.

Anybody know what's up?

--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/