[Samba] problem usmgr Version 3.2.4 solved partlly

Robert Schetterer robert at schetterer.org
Fri Oct 17 22:11:09 GMT 2008


Jeremy Allison schrieb:
> On Fri, Oct 17, 2008 at 05:08:47PM +0200, Robert Schetterer wrote:
>> hi , i have
>> a few problems with usmgr on Version 3.2.4
>> ( Version 3.2.4-8.1-1931-SUSE-SL11.0 )
>> samba pdc ldap
>> the download version from ms
>> http://www.microsoft.com/Downloads/details.aspx?FamilyID=c0011ab8-3178-4701-a791-eafba0f42de2&displaylang=en
>> doesnt work
>> giving
>>
>> "device attached to the system is not functioning"
>> whatever i do
>>
>> a old version from usermgr works partially
>> but magic only with the first user in Domain Admins Group
>> other users in Domain Admins dont work ( root works too )
>>
>>
>> with the old usrmgr version i cant only add a user
>> in first case i want to add other stuff like name etc
>> i dont works , so i have to do it in asecond usermod
>> als password creating doesnt work in first useradd
>>
>> here are also comming up
>> device attached to the system is not functioning"
>> but operations final works and is shown after refresh
>>
>> win client is win xp prof german serv pack3 german
>> latest patch level
>>
>> i finally found some error code in the logs
>> using usrmgr with some user from the "Domain Admin" Group
>> smbldap_open: cannot access LDAP when not root
>>
>> 2008/10/17 00:37:09,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3490)
>>   Returning domain sid for domain FIDO ->
>> S-1-5-21-213567364-2628613513-2492443612
>> [2008/10/17 00:37:09,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>>   init_group_from_ldap: Entry found for group: 1007
>> [2008/10/17 00:37:09,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>>   init_group_from_ldap: Entry found for group: 1007
>> [2008/10/17 00:37:09,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>>   init_group_from_ldap: Entry found for group: 1007
>> [2008/10/17 00:37:09,  0] lib/smbldap.c:smbldap_open(1029)
>>   smbldap_open: cannot access LDAP when not root
>> [2008/10/17 00:38:16,  2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
>>
>> any ideas how do get this fixed ?
> 
> Can you re-run smbd with debug level 10 so I can track
> down the codepath that isn't doing the become_root()
> correctly. It's possible that this is already fixed
> but I don't see an exact commit that would fix this.
> 
> Thanks,
> 
> Jeremy.

Hi Jeremy, did a useradd with usermgr level 10
wich invokes
"device attached to the system is not functioning"
after done

grep tester team.newcompr1.log
                          string                   : 'tester'
                          string                   : 'tester'
  Checking whether [tester] can be created
  lookup_name: tester =>  (domain), tester (name)
  map_name_to_wellknown_sid: looking up tester
  smbldap_search_ext: base => [dc=fido,dc=intern], filter =>
[(&(uid=tester)(objectclass=sambaSamAccount))], scope => [2]
  ldapsam_getsampwnam: Unable to locate user [tester] count=0
  smbldap_search_ext: base => [ou=Groups,dc=fido,dc=intern], filter =>
[(&(objectClass=sambaGroupMapping)(|(displayName=tester)(cn=tester)))],
scope => [2]
  ldapsam_getgroup: Did not find group, filter was
(&(objectClass=sambaGroupMapping)(|(displayName=tester)(cn=tester)))
  tester does not exist, can create it
  Finding user tester
  Trying _Get_Pwnam(), username as lowercase is tester
  Checking combinations of 0 uppercase letters in tester
  Get_Pwnam_internals didn't find user [tester]!
  _samr_create_user: Running the command
`/etc/opt/IDEALX/smbldap-tools/smbldap-useradd -a -m -P "tester"' gave 25
  Finding user tester
  Trying _Get_Pwnam(), username as lowercase is tester
  Get_Pwnam_internals did find user [tester]!
  pdb_set_username: setting username tester, was
  pdb_set_profile_path: setting profile path
\\fidoserver\profiles\tester, was
  pdb_set_homedir: setting home dir \\fidoserver\tester, was
  pdb_set_username: setting username tester, was tester
  smbldap_search_ext: base => [dc=fido,dc=intern], filter =>
[(&(uid=tester)(objectclass=sambaSamAccount))], scope => [2]
  ldapsam_add_sam_account: User 'tester' already in the base, with samba
attributes

i am not really sure but i think

User 'tester' already in the base, with samba attributes

is guilty for make usrmgr noisy, but addition of the user is done but no
password creation nor addtional attributes ( like name ) where taken at
user firstcreation time

one magical thing is
etc/opt/IDEALX/smbldap-tools/smbldap-useradd -a -m -P "%u"

my older insts dot need the -a , and it is also dokued
as smbldap-useradd -m -P "%u"

http://www.iallanis.info/smbldap-tools/docs/smbldap-tools/#htoc13

but without -a ( which i found by google ) it works

so i finally checked it again
it must be smbldap-useradd -m -P "%u"
cause ldap sync allready worked smba stuff in ldap

the story is
the whole mist startet with not having a patched version of
smbldap-tools so wrong group mapping etc... ( see mailings today )
i patched it repopulated it, fixed my broken smb.conf entries
and with the old version of usrmgr now everything works as it should
with ms downloadversion of usrmgr i have still problems
i will investigate in  this later
-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria


More information about the samba mailing list