[Samba] smbldap-useradd problem

Arnaud Mombrial arnaud.mombrial at fabernovel.com
Fri Jun 26 10:41:32 GMT 2009


Hi Samba People !

I'm experiencing some issues with the smbldap-tools suite and am posting here in 
the hope that someone can give me some help. First, I want to thank you if you take the 
time to read my message to the end, as it's a little bit long ;)

We have a Debian box on our LAN that we use primarily as a file server. This 
server was initially set up with Etch (4.0, net-install). I upgraded it 
to Lenny (5.0) a few days ago, and problems started to arise :/

Here is the problem that has been driving me crazy for 15 days now:

----
fano2:~# smbldap-useradd -a ploup
Can't call method "get_value" on an undefined value at /usr/sbin/smbldap-useradd line 232.
----


The related lines in smbldap-useradd script are : 


----
229    # as grouprid we use the value of the sambaSID attribute for
230    # group of gidNumber=$userGidNumber
231    $group_entry = read_group_entry_gid($userGidNumber);
232    $userGroupSID = $group_entry->get_value('sambaSID');
233    unless ($userGroupSID) {
234        print "Error: SID not set for unix group $userGidNumber\n";
235        print "check if your unix group is mapped to an NT group\n";
236        exit(7);
237    }
----


So this script can't retrieve the "sambaSID" value from $group_entry, because 
$group_entry is not defined.

If I add the line 

----
print "Output of \$userGidNumber : $userGidNumber\n";
----

before line 231, the script output seems consistent : 

----
fano2:~# smbldap-useradd -a ploup
Output of $userGidNumber : 513
Can't call method "get_value" on an undefined value at /usr/sbin/smbldap-useradd line 233.
----

as I do have a gidNumber set with the value 513 for the default group "Domain 
Users" :

----
fano2:~# smbldap-groupshow Domain\ users
dn: cn=Domain Users,ou=Groups,dc=faberNoveldap,dc=local
objectClass: top,posixGroup,sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaGroupType: 2
displayName: Domain Users
memberUid: ** Not shown here due to security purpose **
sambaSID: S-1-5-21-3439781798-418094041-3636104912-513
----

Nevertheless, I can create a user, and Samba access to shares with the LDAP backend 
still continues to work, but I have to create my user through numerous steps 
(the smbldap-usershow outputs are here for information purposes):

----
fano2:~# smbldap-useradd ploup
fano2:~# smbldap-passwd ploup
Changing UNIX password for ploup
New password:
Retype new password:
fano2:~# smbldap-usershow ploup
dn: uid=ploup,ou=Users,dc=faberNoveldap,dc=local
objectClass: top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount
cn: ploup
sn: ploup
givenName: ploup
uid: ploup
uidNumber: 1095
gidNumber: 513
homeDirectory: /home/ploup
loginShell: /bin/bash
gecos: System User
userPassword: {SSHA}Hx0Myq136qqRFTLWk1zf49oJ3iROR3lP
shadowLastChange: 14421
shadowMax: 3650
fano2:~# smbldap-usermod -a ploup
Can't call method "get_value" on an undefined value at /usr/sbin/smbldap-usermod line 183.
fano2:~# smbldap-usershow ploup
dn: uid=ploup,ou=Users,dc=faberNoveldap,dc=local
objectClass: top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
cn: ploup
sn: ploup
givenName: ploup
uid: ploup
uidNumber: 1095
gidNumber: 513
homeDirectory: /home/ploup
loginShell: /bin/bash
gecos: System User
userPassword: {SSHA}Hx0Myq136qqRFTLWk1zf49oJ3iROR3lP
shadowLastChange: 14421
shadowMax: 3650
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaSID: S-1-5-21-3439781798-418094041-3636104912-3190
sambaAcctFlags: [UX]
----

As you can see, "smbldap-usermod -a" returns an error, but the script 
creates at least some Samba-related attributes.

But "sambaPrimaryGroupSID" is not set....

I can now use phpldapadmin to add the sambaPrimaryGroupSID and set it to :
S-1-5-21-3439781798-418094041-3636104912-513 without any problems...


I add here the output of some commands :


fano2:~# slaptest
/usr/local/etc/openldap/slapd.conf: line 84: rootdn is always granted unlimited privileges.
config file testing succeeded


fano2:~# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[** Not shown here due to security purpose **]"
[Snip.]
Processing section "[** Not shown here due to security purpose **]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_PDC
[Snip.]


fano2:~# aptitude search ldap | grep ^i
i   ldap-utils                      - OpenLDAP utilities
i   ldapscripts                     - Add and remove user and groups (stored in
i   libldap-2.3-0                   - OpenLDAP libraries
i   libldap-2.4-2                   - OpenLDAP libraries
i   libldap2                        - OpenLDAP libraries
i   libldap2-dev                    - OpenLDAP development libraries
i A libnet-ldap-perl                - A Client interface to LDAP servers
i A libnss-ldap                     - NSS module for using LDAP as a naming serv
i A libpam-ldap                     - Pluggable Authentication Module for LDAP
i   php5-ldap                       - LDAP module for php5
i   smbldap-tools                   - Scripts to manage Unix and Samba account


fano2:~# dpkg -l smbldap-tools
Souhait=inconnU/Installé/suppRimé/Purgé/H=à garder
| État=Non/Installé/fichier-Config/dépaqUeté/échec-conFig/H=semi-installé/W=attend-traitement-déclenchements
|/ Err?=(aucune)/H=à garder/besoin Réinstallation/X=les deux (État,Err: majuscule=mauvais)
||/ Nom                       Version                   Description
+++-=========================-=========================-==================================================================
ii  smbldap-tools             0.9.4-1                   Scripts to manage Unix and Samba accounts stored on LDAP


fano2:~# cat /etc/apt/sources.list
deb http://ftp.fr.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.fr.debian.org/debian/ lenny main contrib non-free

deb http://security.debian.org/ lenny/updates main contrib non-free
deb-src http://security.debian.org/ lenny/updates main contrib non-free

deb http://www.backports.org/debian lenny-backports main contrib non-free


Thx for Reading gurus.


……………………………………………………………….
Arnaud Mombrial • faberNovel

E-mail : arnaud.mombrial at fabernovel.com 
Tél. : +33 1 42 72 2004 • Mobile : +33 6 64 20 43 24
42, boulevard de Sébastopol  75003 Paris  France
1436 A Howard Street  San Francisco  CA 94103  USA
Web : www.faberNovel.com
………………………………………………………………..
This email is :  [ ] bloggable   [ ] ask first   [X] private
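
An added example, not part of the original post and not smbldap-tools code: the error at line 232 is raised before the `unless ($userGroupSID)` check can run, so a lookup that returns nothing is never reported as such. The sketch below uses Net::LDAP::Entry with a hypothetical `lookup_group_by_gid` over an in-memory list (one entry taken from the post, one constructed) and reports the two cases separately.

```perl
#!/usr/bin/perl
# Added illustration, not smbldap-tools code. lookup_group_by_gid() is a
# hypothetical stand-in for read_group_entry_gid(); the directory is an
# in-memory list, not a live LDAP search.
use strict;
use warnings;
use Net::LDAP::Entry;

sub make_group {
    my ($dn, %attrs) = @_;
    my $entry = Net::LDAP::Entry->new;
    $entry->dn($dn);
    $entry->add(%attrs);
    return $entry;
}

my @directory = (
    # Taken from the smbldap-groupshow output in the post.
    make_group(
        'cn=Domain Users,ou=Groups,dc=faberNoveldap,dc=local',
        objectClass => [qw(top posixGroup sambaGroupMapping)],
        cn          => 'Domain Users',
        gidNumber   => 513,
        sambaSID    => 'S-1-5-21-3439781798-418094041-3636104912-513',
    ),
    # Constructed entry: a posixGroup with no NT mapping (no sambaSID).
    make_group(
        'cn=staff,ou=Groups,dc=faberNoveldap,dc=local',
        objectClass => [qw(top posixGroup)],
        cn          => 'staff',
        gidNumber   => 1000,
    ),
);

# Returns the matching entry, or undef when nothing matches.
sub lookup_group_by_gid {
    my ($gid) = @_;
    my ($hit) = grep { ($_->get_value('gidNumber') // '') eq $gid } @directory;
    return $hit;
}

# Separates the two failures that lines 231-237 cannot tell apart.
sub group_sid_status {
    my ($gid) = @_;
    my $entry = lookup_group_by_gid($gid);
    return "gid $gid: no group entry returned by the lookup" unless defined $entry;
    my $sid = $entry->get_value('sambaSID');
    return "gid $gid: entry found but sambaSID is not set" unless $sid;
    return "gid $gid: $sid";
}

print group_sid_status($_), "\n" for 513, 1000, 4242;
```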
