[Samba] smblap-useradd problem
Arnaud Mombrial
arnaud.mombrial at fabernovel.com
Wed Jul 1 12:23:10 GMT 2009
Thx tisdn for your follow-up.
The difference you have noticed is due to the fact I've already switch from
smbldap-tools package version 0.9.4 to 0.9-5, the latest version available
from ilianis.com website.
I do get exactly the same error with those two packages, except of course for
the related lines. :/
Some more strange things about this problem :
Here the output of pdbedit :
fano2:~# pdbedit -L -v ploup
INFO: Current debug levels:
all: True/5
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
registry: False/0
doing parameter max log size = 1000
doing parameter syslog only = no
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter time server = yes
doing parameter encrypt passwords = true
doing parameter invalid users = root
doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
pm_process() returned Yes
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to find an passdb backend to match ldapsam:ldap://127.0.0.1
(ldapsam)
Found pdb backend ldapsam
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)
(sambaDomainName=FABERNOVEL_TMP))]
smbldap_search_ext: base => [dc=faberNoveldap,dc=local], filter =>
[(&(objectClass=sambaDomain)(sambaDomainName=FABERNOVEL_TMP))], scope => [2]
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
The connection to the LDAP server was closed
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
The LDAP server is successfully connected
pdb backend ldapsam:ldap://127.0.0.1 has a valid init
Netbios name list:-
my_netbios_names[0]="FANO2"
Attempting to find an passdb backend to match ldapsam:ldap://127.0.0.1
(ldapsam)
Found pdb backend ldapsam
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)
(sambaDomainName=FABERNOVEL_TMP))]
smbldap_search_ext: base => [dc=faberNoveldap,dc=local], filter =>
[(&(objectClass=sambaDomain)(sambaDomainName=FABERNOVEL_TMP))], scope => [2]
The connection to the LDAP server was closed
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
The LDAP server is successfully connected
pdb backend ldapsam:ldap://127.0.0.1 has a valid init
smbldap_search_ext: base => [dc=faberNoveldap,dc=local], filter =>
[(&(uid=ploup)(objectclass=sambaSamAccount))], scope => [2]
init_sam_from_ldap: Entry found for user: ploup
Home server: fano2
Home server: fano2
Opening cache file at /var/run/samba/gencache.tdb
Opening cache file at /var/cache/samba/login_cache.tdb
Unix username: ploup
NT username: ploup
Account Flags: [UX ]
User SID: S-1-5-21-3439781798-418094041-3636104912-3190
Finding user ploup
Trying _Get_Pwnam(), username as lowercase is ploup
Get_Pwnam_internals did find user [ploup]!
smbldap_search_ext: base => [ou=Groups,dc=faberNoveldap,dc=local], filter =>
[(&(objectClass=sambaGroupMapping)(gidNumber=513))], scope => [2]
ldapsam_getgroup: Did not find group, filter was
(&(objectClass=sambaGroupMapping)(gidNumber=513))
Primary Group SID: S-1-5-21-3439781798-418094041-3636104912-513
Full Name: ploup
Home Directory: \\fano2\ploup
HomeDir Drive:
Logon Script:
Profile Path: \\fano2\ploup\profile
Domain: FABERNOVEL_TMP
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: 0
Password can change: 0
Password must change: 0
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
As you can see, there are some errors within
ldapsam_getgroup: Did not find group, filter was
(&(objectClass=sambaGroupMapping)(gidNumber=513))
Could it be a Database problem, is there a way to know if it's broken or
malformed ?
Regards.
Le vendredi 26 juin 2009 18:25:41, tisdn tisdn a écrit :
> Hi,
> Have you tried to reinstall smbldap-tools? We have the same smbldap-tools
> package (0.9.4-1), but the file smbldap-useradd appears to be different.
> The same content that you indicate as line 231, in our file is on line 202.
>
> Regards,
> Tisdn
>
>
> 2009/6/26 Arnaud Mombrial <arnaud.mombrial at fabernovel.com>
>
> > Hi Samba People !
> >
> > I'm experiencing some issues with the smbldap-tools suite and post it
> > here in
> > hope someone could give me some help. I want first to thank you if you
> > take teh
> > time to read my message til the end, as it's a little bit long ;)
> >
> > We do have a Debian Box on our LAN we use primarily as a File Server.
> > This server has initially been setup with Etch (4.0, net-install). I've
> > upgraded it
> > to Lenny (5.0) few days ago, and problems start to rise :/
> >
> > Here is the problem that makes me crazy for 15 days now :
> >
> > ----
> > fano2:~# smbldap-useradd -a ploup
> > Can't call method "get_value" on an undefined value at /usr/sbin/smbldap-
> > useradd line 232.
> > ---
> >
> >
> > The related lines in smbldap-useradd script are :
> >
> >
> > ----
> > 229 # as grouprid we use the value of the sambaSID attribute for
> > 230 # group of gidNumber=$userGidNumber
> > 231 $group_entry = read_group_entry_gid($userGidNumber);
> > 232 $userGroupSID = $group_entry->get_value('sambaSID');
> > 233 unless ($userGroupSID) {
> > 234 print "Error: SID not set for unix group $userGidNumber\n";
> > 235 print "check if your unix group is mapped to an NT group\n";
> > 236 exit(7);
> > 237 }
> > ----
> >
> >
> > So this script can't retrieve the "sambaSID" value from $group_entry,
> > because
> > $group_entry is not defined.
> >
> > If I add the line
> >
> > ----
> > print "Output of \$userGidNumber\n";
> > ----
> >
> > before line 231, the script output seems consistent :
> >
> > ----
> > fano2:~# smbldap-useradd -a ploup
> > Output of $userGidNumber : 513
> > Can't call method "get_value" on an undefined value at /usr/sbin/smbldap-
> > useradd line 233.
> > ----
> >
> > as I do have a gidNumber set with the value 513 for the default group
> > "Domain
> > Users" :
> >
> > ----
> > fano2:~# smbldap-groupshow Domain\ users
> > dn: cn=Domain Users,ou=Groups,dc=faberNoveldap,dc=local
> > objectClass: top,posixGroup,sambaGroupMapping
> > gidNumber: 513
> > cn: Domain Users
> > description: Netbios Domain Users
> > sambaGroupType: 2
> > displayName: Domain Users
> > memberUid: ** Not shown here due to security purpose **
> > sambaSID: S-1-5-21-3439781798-418094041-3636104912-513
> > ----
> >
> > Nevertheless, I can create a user and samba access to share with ldap
> > backend
> > still continue to work, but I've to create my user through numerous steps
> > (smbldap-usershow are here for information purpose) :
> >
> > ----
> > fano2:~# smbldap-useradd ploup
> > fano2:~# smbldap-passwd ploup
> > Changing UNIX password for ploup
> > New password:
> > Retype new password:
> > fano2:~# smbldap-usershow ploup
> > dn: uid=ploup,ou=Users,dc=faberNoveldap,dc=local
> > objectClass:
> > top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount
> > cn: ploup
> > sn: ploup
> > givenName: ploup
> > uid: ploup
> > uidNumber: 1095
> > gidNumber: 513
> > homeDirectory: /home/ploup
> > loginShell: /bin/bash
> > gecos: System User
> > userPassword: {SSHA}Hx0Myq136qqRFTLWk1zf49oJ3iROR3lP
> > shadowLastChange: 14421
> > shadowMax: 3650
> > fano2:~# smbldap-usermod -a ploup
> > Can't call method "get_value" on an undefined value at /usr/sbin/smbldap-
> > usermod line 183.
> > fano2:~# smbldap-usershow ploup
> > dn: uid=ploup,ou=Users,dc=faberNoveldap,dc=local
> > objectClass:
> >
> > top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,
> >sambaSamAccount cn: ploup
> > sn: ploup
> > givenName: ploup
> > uid: ploup
> > uidNumber: 1095
> > gidNumber: 513
> > homeDirectory: /home/ploup
> > loginShell: /bin/bash
> > gecos: System User
> > userPassword: {SSHA}Hx0Myq136qqRFTLWk1zf49oJ3iROR3lP
> > shadowLastChange: 14421
> > shadowMax: 3650
> > sambaPwdLastSet: 0
> > sambaLogonTime: 0
> > sambaLogoffTime: 2147483647
> > sambaKickoffTime: 2147483647
> > sambaPwdCanChange: 0
> > sambaPwdMustChange: 2147483647
> > sambaSID: S-1-5-21-3439781798-418094041-3636104912-3190
> > sambaAcctFlags: [UX]
> > ----
> >
> > As you can see, the "smbldap-usermod -a" returns an error, but the
> > scripts creates at least some samba related attributes.
> >
> > But "sambaPrimaryGroupSID" is not set....
> >
> > I can now use phpldapadmin to add the sambaPrimaryGroupSID and set it to
> > : S-1-5-21-3439781798-418094041-3636104912-513 without any problems...
> >
> >
> > I add here the output of some commands :
> >
> >
> > fano2:~# slaptest
> > /usr/local/etc/openldap/slapd.conf: line 84: rootdn is always granted
> > unlimited privileges.
> > config file testing succeeded
> >
> >
> > fano2:~# testparm
> > Load smb config files from /etc/samba/smb.conf
> > Processing section "[** Not shown here due to security purpose **]"
> > [Snip.]
> > Processing section "[** Not shown here due to security purpose **]"
> > Loaded services file OK.
> > WARNING: You have some share names that are longer than 12 characters.
> > These may not be accessible to some older clients.
> > (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
> > Server role: ROLE_DOMAIN_PDC
> > [Snip.]
> >
> >
> > fano2:~# aptitude search ldap | grep ^i
> > i ldap-utils - OpenLDAP utilities
> > i ldapscripts - Add and remove user and groups
> > (stored in
> > i libldap-2.3-0 - OpenLDAP libraries
> > i libldap-2.4-2 - OpenLDAP libraries
> > i libldap2 - OpenLDAP libraries
> > i libldap2-dev - OpenLDAP development libraries
> > i A libnet-ldap-perl - A Client interface to LDAP servers
> > i A libnss-ldap - NSS module for using LDAP as a naming
> > serv
> > i A libpam-ldap - Pluggable Authentication Module for
> > LDAP i php5-ldap - LDAP module for php5
> > i smbldap-tools - Scripts to manage Unix and Samba
> > account
> >
> >
> > fano2:~# dpkg -l smbldap-tools
> > Souhait=inconnU/Installé/suppRimé/Purgé/H=à garder
> >
> > | État=Non/Installé/fichier-Config/dépaqUeté/échec-conFig/H=semi-
> >
> > installé/W=attend-traitement-déclenchements
> >
> > |/ Err?=(aucune)/H=à garder/besoin Réinstallation/X=les deux (État,Err:
> >
> > majuscule=mauvais)
> >
> > ||/ Nom Version Description
> >
> > +++-=========================-=========================-
> > ==================================================================
> > ii smbldap-tools 0.9.4-1 Scripts to manage
> > Unix
> > and Samba accounts stored on LDAP
> >
> >
> > fano2:~# cat /etc/apt/sources.list
> > deb http://ftp.fr.debian.org/debian/ lenny main contrib non-free
> > deb-src http://ftp.fr.debian.org/debian/ lenny main contrib non-free
> >
> > deb http://security.debian.org/ lenny/updates main contrib non-free
> > deb-src http://security.debian.org/ lenny/updates main contrib non-free
> >
> > deb http://www.backports.org/debian lenny-backports main contrib non-free
> >
> >
> > Thx for Reading gurus.
> >
> >
> > ……………………………………………………………….
> > Arnaud Mombrial • faberNovel
> >
> > E-mail : arnaud.mombrial at fabernovel.com
> > Tél. : +33 1 42 72 2004 • Mobile : +33 6 64 20 43 24
> > 42, boulevard de Sébastopol 75003 Paris France
> > 1436 A Howard Street San Francisco CA 94103 USA
> > Web : www.faberNovel.com
> > ………………………………………………………………..
> > This email is : [ ] bloggable [ ] ask first [X] private
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
……………………………………………………………….
Arnaud Mombrial • faberNovel
E-mail : arnaud.mombrial at fabernovel.com
Tél. : +33 1 42 72 2004 • Mobile : +33 6 64 20 43 24
42, boulevard de Sébastopol 75003 Paris France
1436 A Howard Street San Francisco CA 94103 USA
Web : www.faberNovel.com
………………………………………………………………..
This email is : [ ] bloggable [ ] ask first [X] private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://lists.samba.org/archive/samba/attachments/20090701/5e718b62/attachment.bin
More information about the samba
mailing list