[Samba] smblap-useradd problem

tisdn tisdn tisdn.livre at gmail.com
Fri Jun 26 16:25:41 GMT 2009 

Hi,
Have you tried to reinstall smbldap-tools? We have the same smbldap-tools
package (0.9.4-1), but the file smbldap-useradd appears to be different. The
same content that you indicate as line 231, in our file is on line 202.

Regards,
Tisdn


2009/6/26 Arnaud Mombrial <arnaud.mombrial at fabernovel.com>

>
> Hi Samba People !
>
> I'm experiencing some issues with the smbldap-tools suite and post it here
> in
> hope someone could give me some help. I want first to thank you if you take
> teh
> time to read my message til the end, as it's a little bit long ;)
>
> We do have a Debian Box on our LAN we use primarily as a File Server. This
> server has initially been setup with Etch (4.0, net-install). I've upgraded
> it
> to Lenny (5.0) few days ago, and problems start to rise :/
>
> Here is the problem that makes me crazy for 15 days now :
>
> ----
> fano2:~# smbldap-useradd -a ploup
> Can't call method "get_value" on an undefined value at /usr/sbin/smbldap-
> useradd line 232.
> ---
>
>
> The related lines in smbldap-useradd script are :
>
>
> ----
> 229    # as grouprid we use the value of the sambaSID attribute for
> 230    # group of gidNumber=$userGidNumber
> 231    $group_entry = read_group_entry_gid($userGidNumber);
> 232    $userGroupSID = $group_entry->get_value('sambaSID');
> 233    unless ($userGroupSID) {
> 234        print "Error: SID not set for unix group $userGidNumber\n";
> 235        print "check if your unix group is mapped to an NT group\n";
> 236        exit(7);
> 237    }
> ----
>
>
> So this script can't retrieve the "sambaSID" value from $group_entry,
> because
> $group_entry is not defined.
>
> If I add the line
>
> ----
> print  "Output of \$userGidNumber\n";
> ----
>
> before line 231, the script output seems consistent :
>
> ----
> fano2:~# smbldap-useradd -a ploup
> Output of $userGidNumber : 513
> Can't call method "get_value" on an undefined value at /usr/sbin/smbldap-
> useradd line 233.
> ----
>
> as I do have a gidNumber set with the value 513 for the default group
> "Domain
> Users" :
>
> ----
> fano2:~# smbldap-groupshow Domain\ users
> dn: cn=Domain Users,ou=Groups,dc=faberNoveldap,dc=local
> objectClass: top,posixGroup,sambaGroupMapping
> gidNumber: 513
> cn: Domain Users
> description: Netbios Domain Users
> sambaGroupType: 2
> displayName: Domain Users
> memberUid: ** Not shown here due to security purpose **
> sambaSID: S-1-5-21-3439781798-418094041-3636104912-513
> ----
>
> Nevertheless, I can create a user and samba access to share with ldap
> backend
> still continue to work, but I've to create my user through numerous steps
> (smbldap-usershow are here for information purpose) :
>
> ----
> fano2:~# smbldap-useradd ploup
> fano2:~# smbldap-passwd ploup
> Changing UNIX password for ploup
> New password:
> Retype new password:
> fano2:~# smbldap-usershow ploup
> dn: uid=ploup,ou=Users,dc=faberNoveldap,dc=local
> objectClass:
> top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount
> cn: ploup
> sn: ploup
> givenName: ploup
> uid: ploup
> uidNumber: 1095
> gidNumber: 513
> homeDirectory: /home/ploup
> loginShell: /bin/bash
> gecos: System User
> userPassword: {SSHA}Hx0Myq136qqRFTLWk1zf49oJ3iROR3lP
> shadowLastChange: 14421
> shadowMax: 3650
> fano2:~# smbldap-usermod -a ploup
> Can't call method "get_value" on an undefined value at /usr/sbin/smbldap-
> usermod line 183.
> fano2:~# smbldap-usershow ploup
> dn: uid=ploup,ou=Users,dc=faberNoveldap,dc=local
> objectClass:
>
> top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
> cn: ploup
> sn: ploup
> givenName: ploup
> uid: ploup
> uidNumber: 1095
> gidNumber: 513
> homeDirectory: /home/ploup
> loginShell: /bin/bash
> gecos: System User
> userPassword: {SSHA}Hx0Myq136qqRFTLWk1zf49oJ3iROR3lP
> shadowLastChange: 14421
> shadowMax: 3650
> sambaPwdLastSet: 0
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 0
> sambaPwdMustChange: 2147483647
> sambaSID: S-1-5-21-3439781798-418094041-3636104912-3190
> sambaAcctFlags: [UX]
> ----
>
> As you can see, the "smbldap-usermod -a" returns an error, but the scripts
> creates at least some samba related attributes.
>
> But "sambaPrimaryGroupSID" is not set....
>
> I can now use phpldapadmin to add the sambaPrimaryGroupSID and set it to :
> S-1-5-21-3439781798-418094041-3636104912-513 without any problems...
>
>
> I add here the output of some commands :
>
>
> fano2:~# slaptest
> /usr/local/etc/openldap/slapd.conf: line 84: rootdn is always granted
> unlimited privileges.
> config file testing succeeded
>
>
> fano2:~# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[** Not shown here due to security purpose **]"
> [Snip.]
> Processing section "[** Not shown here due to security purpose **]"
> Loaded services file OK.
> WARNING: You have some share names that are longer than 12 characters.
> These may not be accessible to some older clients.
> (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
> Server role: ROLE_DOMAIN_PDC
> [Snip.]
>
>
> fano2:~# aptitude search ldap | grep ^i
> i   ldap-utils                      - OpenLDAP utilities
> i   ldapscripts                    - Add and remove user and groups (stored
> in
> i   libldap-2.3-0                   - OpenLDAP libraries
> i   libldap-2.4-2                   - OpenLDAP libraries
> i   libldap2                        - OpenLDAP libraries
> i   libldap2-dev                  - OpenLDAP development libraries
> i A libnet-ldap-perl             - A Client interface to LDAP servers
> i A libnss-ldap                   - NSS module for using LDAP as a naming
> serv
> i A libpam-ldap                  - Pluggable Authentication Module for LDAP
> i   php5-ldap                      - LDAP module for php5
> i   smbldap-tools                - Scripts to manage Unix and Samba account
>
>
> fano2:~# dpkg -l smbldap-tools
> Souhait=inconnU/Installé/suppRimé/Purgé/H=à garder
> | État=Non/Installé/fichier-Config/dépaqUeté/échec-conFig/H=semi-
> installé/W=attend-traitement-déclenchements
> |/ Err?=(aucune)/H=à garder/besoin Réinstallation/X=les deux (État,Err:
> majuscule=mauvais)
> ||/ Nom                       Version                   Description
> +++-=========================-=========================-
> ==================================================================
> ii  smbldap-tools             0.9.4-1                   Scripts to manage
> Unix
> and Samba accounts stored on LDAP
>
>
> fano2:~# cat /etc/apt/sources.list
> deb http://ftp.fr.debian.org/debian/ lenny main contrib non-free
> deb-src http://ftp.fr.debian.org/debian/ lenny main contrib non-free
>
> deb http://security.debian.org/ lenny/updates main contrib non-free
> deb-src http://security.debian.org/ lenny/updates main contrib non-free
>
> deb http://www.backports.org/debian lenny-backports main contrib non-free
>
>
> Thx for Reading gurus.
>
>
> ……………………………………………………………….
> Arnaud Mombrial • faberNovel
>
> E-mail : arnaud.mombrial at fabernovel.com
> Tél. : +33 1 42 72 2004 • Mobile : +33 6 64 20 43 24
> 42, boulevard de Sébastopol  75003 Paris  France
> 1436 A Howard Street  San Francisco  CA 94103  USA
> Web : www.faberNovel.com
> ………………………………………………………………..
> This email is :  [ ] bloggable   [ ] ask first   [X] private
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list