[Samba] problem usmgr Version 3.2.4 solved partlly
Robert Schetterer
robert at schetterer.org
Fri Oct 17 22:11:09 GMT 2008
Jeremy Allison schrieb:
> On Fri, Oct 17, 2008 at 05:08:47PM +0200, Robert Schetterer wrote:
>> hi , i have
>> a few problems with usmgr on Version 3.2.4
>> ( Version 3.2.4-8.1-1931-SUSE-SL11.0 )
>> samba pdc ldap
>> the download version from ms
>> http://www.microsoft.com/Downloads/details.aspx?FamilyID=c0011ab8-3178-4701-a791-eafba0f42de2&displaylang=en
>> doesnt work
>> giving
>>
>> "device attached to the system is not functioning"
>> whatever i do
>>
>> a old version from usermgr works partially
>> but magic only with the first user in Domain Admins Group
>> other users in Domain Admins dont work ( root works too )
>>
>>
>> with the old usrmgr version i cant only add a user
>> in first case i want to add other stuff like name etc
>> i dont works , so i have to do it in asecond usermod
>> als password creating doesnt work in first useradd
>>
>> here are also comming up
>> device attached to the system is not functioning"
>> but operations final works and is shown after refresh
>>
>> win client is win xp prof german serv pack3 german
>> latest patch level
>>
>> i finally found some error code in the logs
>> using usrmgr with some user from the "Domain Admin" Group
>> smbldap_open: cannot access LDAP when not root
>>
>> 2008/10/17 00:37:09, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3490)
>> Returning domain sid for domain FIDO ->
>> S-1-5-21-213567364-2628613513-2492443612
>> [2008/10/17 00:37:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>> init_group_from_ldap: Entry found for group: 1007
>> [2008/10/17 00:37:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>> init_group_from_ldap: Entry found for group: 1007
>> [2008/10/17 00:37:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>> init_group_from_ldap: Entry found for group: 1007
>> [2008/10/17 00:37:09, 0] lib/smbldap.c:smbldap_open(1029)
>> smbldap_open: cannot access LDAP when not root
>> [2008/10/17 00:38:16, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>>
>> any ideas how do get this fixed ?
>
> Can you re-run smbd with debug level 10 so I can track
> down the codepath that isn't doing the become_root()
> correctly. It's possible that this is already fixed
> but I don't see an exact commit that would fix this.
>
> Thanks,
>
> Jeremy.
Hi Jeremy, did a useradd with usermgr level 10
wich invokes
"device attached to the system is not functioning"
after done
grep tester team.newcompr1.log
string : 'tester'
string : 'tester'
Checking whether [tester] can be created
lookup_name: tester => (domain), tester (name)
map_name_to_wellknown_sid: looking up tester
smbldap_search_ext: base => [dc=fido,dc=intern], filter =>
[(&(uid=tester)(objectclass=sambaSamAccount))], scope => [2]
ldapsam_getsampwnam: Unable to locate user [tester] count=0
smbldap_search_ext: base => [ou=Groups,dc=fido,dc=intern], filter =>
[(&(objectClass=sambaGroupMapping)(|(displayName=tester)(cn=tester)))],
scope => [2]
ldapsam_getgroup: Did not find group, filter was
(&(objectClass=sambaGroupMapping)(|(displayName=tester)(cn=tester)))
tester does not exist, can create it
Finding user tester
Trying _Get_Pwnam(), username as lowercase is tester
Checking combinations of 0 uppercase letters in tester
Get_Pwnam_internals didn't find user [tester]!
_samr_create_user: Running the command
`/etc/opt/IDEALX/smbldap-tools/smbldap-useradd -a -m -P "tester"' gave 25
Finding user tester
Trying _Get_Pwnam(), username as lowercase is tester
Get_Pwnam_internals did find user [tester]!
pdb_set_username: setting username tester, was
pdb_set_profile_path: setting profile path
\\fidoserver\profiles\tester, was
pdb_set_homedir: setting home dir \\fidoserver\tester, was
pdb_set_username: setting username tester, was tester
smbldap_search_ext: base => [dc=fido,dc=intern], filter =>
[(&(uid=tester)(objectclass=sambaSamAccount))], scope => [2]
ldapsam_add_sam_account: User 'tester' already in the base, with samba
attributes
i am not really sure but i think
User 'tester' already in the base, with samba attributes
is guilty for make usrmgr noisy, but addition of the user is done but no
password creation nor addtional attributes ( like name ) where taken at
user firstcreation time
one magical thing is
etc/opt/IDEALX/smbldap-tools/smbldap-useradd -a -m -P "%u"
my older insts dot need the -a , and it is also dokued
as smbldap-useradd -m -P "%u"
http://www.iallanis.info/smbldap-tools/docs/smbldap-tools/#htoc13
but without -a ( which i found by google ) it works
so i finally checked it again
it must be smbldap-useradd -m -P "%u"
cause ldap sync allready worked smba stuff in ldap
the story is
the whole mist startet with not having a patched version of
smbldap-tools so wrong group mapping etc... ( see mailings today )
i patched it repopulated it, fixed my broken smb.conf entries
and with the old version of usrmgr now everything works as it should
with ms downloadversion of usrmgr i have still problems
i will investigate in this later
--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
More information about the samba
mailing list