[Samba] smbpasswd -a not working with ldap

James james at nttmcl.com
Fri Sep 14 23:08:17 GMT 2007


Hi, I'm trying to add new Samba users with an LDAP backend.
I can use smbpasswd to change current Samba user passwords, but if I try
to add a user it won't add the attributes to the LDAP account.
I have already run smbpasswd -w.
I noticed that when running smbpasswd and adding a user, the search
filter is looking for a sambaSamAccount, but that attribute needs to be
CREATED by smbpasswd -a, right?
Debian Etch
Samba 3.0.24-6etch4
TIA

Here's my smb.conf and my smbpasswd debug

smb.conf
####################################################
[global]
# Global settings for a Samba 3 server acting as a domain controller
# (domain logons / domain master below) with accounts stored in LDAP (ldapsam).
workgroup = PDC-TEST
netbios name = machine
# %v expands to the Samba version, so the version string is shown to clients
# that browse the network.
server string = Samba %v


##### Domain Directives #####
os level = 65
preferred master = yes
domain master = yes
domain logons = yes
local master = yes
# %L = NetBIOS name of this server, %U = session user name.
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
name resolve order = wins lmhosts host bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins support = yes
# NOTE(review): with this commented out, no `interfaces` restriction is set in
# this file; confirm the server is meant to be reachable on every interface.
#interfaces = eth1

##### Generic Directives #####
hide dot files = yes
# Clients must authenticate with a user name and password before share access.
security = user
# Size in kilobytes at which the log file is rotated.
max log size = 1000
# Far above the documented 0-10 range, so this is effectively maximum verbosity.
# NOTE(review): at this verbosity the logs can contain sensitive authentication
# detail; use it for troubleshooting only, restrict read access to the log
# files and lower it afterwards.
log level = 999999999
# NOTE(review): 1666 is not a usual value for this threshold; presumably it
# sends every debug message to syslog as well. Confirm that is intended.
syslog = 1666
# Maps client-supplied user names to Unix names. The file decides which account
# a session runs as, so it should be writable by root only.
username map = /etc/samba/smbusers
#passdb backend = tdbsam
##### LDAP Directives #####
# Account database is the LDAP server, reached through a plain ldap:// URI.
# NOTE(review): no `ldap ssl` setting appears in this file, so whether the bind
# as the admin DN is protected in transit depends on the build default.
# Confirm it, or set `ldap ssl` explicitly.
passdb backend = ldapsam:"ldap://ldap-master.example.com"
ldap suffix = dc=example,dc=com
# DN Samba binds as. Its password is not kept in this file; `smbpasswd -w`
# (which the post says was run) stores it in secrets.tdb.
# NOTE(review): cn=admin looks like the directory's own administrator. A
# dedicated DN with write access limited to the Samba entries would reduce the
# impact if secrets.tdb were exposed. Confirm against the LDAP ACLs.
ldap admin dn = cn=admin,dc=example,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
# Machine accounts share ou=People with user accounts in this configuration.
ldap machine suffix = ou=People
ldap idmap suffix = ou=Idmap
idmap uid = 10000-20000
idmap gid = 10000-20000

# All provisioning hooks below are commented out, so no add/delete/group
# scripts are configured in this file.
#add user script = /usr/sbin/smbldap-useradd -a -m "%u"
#add machine script = /usr/sbin/smbldap-useradd -a -w "%u"
#add group script = /usr/sbin/smbldap-groupadd -a -p "%g"
#add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
#delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
#set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

#passwd program = /usr/sbin/smbldap-passwd -u %u
# NOTE(review): the commented-out passwd chat line below appears to have been
# wrapped by the mail client; its second half carries no leading '#'.
#passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new 
password*" %n\n"


###### Comment Out to Disable PASSWD Sync #####
# Also updates the LDAP password when the SMB password is changed.
ldap passwd sync = yes
# Use hashed (NT/LM) password authentication instead of plaintext passwords.
encrypt passwords = yes

[homes]
# Per-user home directory share, created on demand for the connecting user.
comment = Home Directories
# %S is the share name, which for [homes] is the user name, so each home
# share is usable only by its owner.
valid users = %S
# Hidden from browse lists and exported read-only.
browseable = no
writable = no
# Owner-only permissions for anything created through the share.
create mask = 0700
directory mask = 0700

[netlogon]
# Logon script share for domain clients.
path = /var/lib/samba/netlogon
browseable = No
# Guest (unauthenticated) connections are accepted. `read only` is not set
# here, so the share falls back to Samba's default of read only = yes; keep
# the directory itself writable by administrators only, since clients run the
# scripts they fetch from it.
guest ok = yes

[profiles]
# Roaming profile share. Hidden from browse lists.
comment = Network Profiles Service
browseable = no
# %H is the connecting user's home directory, so the share root is different
# for every user.
path = %H
# Writable, so clients can save profile data.
read only = no
store dos attributes = yes
# Owner-only permissions on created files and directories keep one user's
# profile unreadable to others.
create mask = 0700
directory mask = 0700


SMBPASSWD Debug:
# smbpasswd -a Admin -D 256
The LDAP server is succesfully connected
pdb backend ldapsam:"ldap://ldap-master.example.com" has a valid init
New SMB password:
Retype new SMB password:
smbldap_search_ext: base => [dc=example,dc=com], filter => 
[(&(uid=Admin)(objectclass=sambaSamAccount))], scope => [2]
smbldap_open: already connected to the LDAP server
ldapsam_getsampwnam: Unable to locate user [Admin] count=0
Failed to modify password entry for user Admin



