[Samba] smbpasswd and machine accounts

Eric A. Hall ehall at ehsco.com
Wed Jan 31 15:46:51 GMT 2007


I'm using samba-3.0.23d-19 on openSUSE 10.2 with an LDAP PDC arrangement.

I'm trying to sort out some problems with adding a trust relationship.
Specifically, smbpasswd is failing when I try to create/modify the domain
account. Further investigation shows that it is also failing to modify
workstation accounts. However it is able to modify user accounts fine. The
big difference here seems to be the ordering:

Here is the debug level 4 output for trying to modify machine "PC-1":

[ root# ] smbpasswd -D4 -m PC-1

smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=LABS))]

smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesfully connected

init_sam_from_ldap: Entry found for user: pc-1$

init_group_from_ldap: Entry found for group: 515

ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-284210356-3264030311-3336521042-515] count=0

init_group_from_ldap: Entry found for group: 515

ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-284210356-3264030311-3336521042-515] count=0

init_group_from_ldap: Entry found for group: 515

store_gid_sid_cache: gid 515 in cache ->
S-1-5-21-284210356-3264030311-3336521042-515

Failed to set password for user PC-1$.
Failed to modify password entry for user PC-1$


Here is the output for modifying user account "jbleau":

[ root# ] smbpasswd -D4 jbleau

smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=LABS))]

smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesfully connected

New SMB password:
Retype new SMB password:

init_sam_from_ldap: Entry found for user: jbleau

init_group_from_ldap: Entry found for group: 513

ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-284210356-3264030311-3336521042-513] count=0

init_group_from_ldap: Entry found for group: 513

ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-284210356-3264030311-3336521042-513] count=0

init_group_from_ldap: Entry found for group: 513

store_gid_sid_cache: gid 513 in cache ->
S-1-5-21-284210356-3264030311-3336521042-513

ldapsam_update_sam_account: user jbleau to be modified has dn:
uid=jbleau,ou=Users,dc=labs,dc=ntrg,dc=com

init_ldap_from_sam: Setting entry for user: jbleau

ldapsam_modify_entry: LDAP Password changed for user jbleau

ldapsam_update_sam_account: successfully modified uid = jbleau in the LDAP
database


Note that smbpasswd prompted for the user password before trying to search
(perhaps this is bind-related). Also note that neither the workstation nor
user modification routines claimed to be able to locate the associated SID
(judging from LDAP traces, the search appears to be malformed), but that
did not have any effect on the outcome of the user operation.

Anybody know what's up?

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/