[Samba] renaming a computer fail on a samba domain using ldap backend

ioguix ioguix at free.fr
Tue Apr 1 17:09:34 GMT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I am trying to rename a computer on my samba domain but it fails telling me I hadn't rights to do it.
Obviously, I use the same admin account (root) than the one which add this computer on the domain some seconds before.

I am using samba 3.0.24 on Debian etch with a openldap SAM backend and smbldap-tools scripts using these conf params :
~~~~~~~~~~~~~~~~~~~~~~~~~~
   add user script = /usr/sbin/smbldap-useradd -c "Samba user account" -m -s /bin/false '%u'
   add machine script = /usr/sbin/smbldap-useradd -c "Samba computer account" -g 515 -w -s /bin/false '%u'
   add group script = /usr/sbin/smbldap-groupadd '%g'
   add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
   delete user script = /usr/sbin/smbldap-userdel '%u'
   delete group script = /usr/sbin/smbldap-groupdel '%g'
   delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
   set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
~~~~~~~~~~~~~~~~~~~~~~~~~~

So far, I can add a computer on a domain, but I can't rename it.

I tried to rename the computer using smbldap-usermod before updating it in WinXP, but obviously, it fails telling me the user is
unknown.

The only way I found is to add a computer with the new name to the domain using smbldap-useradd, leaving the domain from WinXP,
renaming it under WinXP, re-join the domain, then drop the old computer account.

Here the content of log.root when I try to rename the computer (using "log file = /var/log/samba/log.%U" and log level = 3)
http://pastebin.org/26701
The ACCESS denied is at line 771 : "set_user_info_21: failed to rename account: NT_STATUS_ACCESS_DENIED"

I could give a more verbose log file, but this one is pretty huge...

So, where did I fail ?

Do we can rename a computer on a samba domain ?

Feel free to ask me anything more you need to help me :)

- --
Guillaume (ioguix) de Rorthais
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH8mxOxWGfaAgowiIRApA7AJ9p/7m2G3wH/1YvR/0f9MkxNZ3DGACfZbOl
e6Mz3mQS2bIS6yzJ++cu66A=
=B3vK
-----END PGP SIGNATURE-----

More information about the samba mailing list