[Samba] Re: pdbedit doesn't send the sambaSID to the ldap

guido at lorenzutti.com.ar guido at lorenzutti.com.ar
Sat Mar 7 21:16:26 GMT 2009


> Hi people: I have a Debian etch stable with the latest updates.
> When I try to join a computer to the domain I create the
> machine on the ldap and it's created with the following attributes:
>
> dn:cn=test$,ou=Machines,dc=domain,dc=org
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: posixAccount
> uidNumber: 3123
> uid: test$
> cn: test$
> sn: test$
> gidNumber: 604
> homeDirectory: /dev/null
> loginShell: /bin/false
> gecos: Machine Account
> description: Machine Account
>
> Then, in the samba I run:
>
> pdbedit -am test
>
> And this is the output...
>
> ldapsam_add_sam_account: User exists without samba attributes: adding them
> init_ldap_from_sam: Setting entry for user: test$
> smbldap_modify: dn => [cn=test$,ou=Machines,dc=domain,dc=org]
> ldapsam_modify_entry: Failed to modify user dn=
> cn=test$,ou=Machines,dc=domain,dc=org with: Object class violation
> object class 'sambaSamAccount' requires attribute 'sambaSID'
> ldapsam_add_sam_account: failed to modify/add user with uid = test$ (dn
> = cn=zigo$,ou=Systems,dc=domain,dc=int)
> Unable to add machine! (does it already exist?)
>
> I set the debug level in the ldap and I can't see the pdbedit sending any
> sambaSID attribute. So I can't think this is a schema problem...
>
> Any ideas? Why is this happening?? I have found nothing on the net to help
> me...
>
> Tnxs in advance.
>


Does anyone know anything?
I found some PDCs that do NOT have the latest updates from Debian Etch, but
have the same Samba version, and they work!

This is the output of the working version:

account_policy_get: name: maximum password age, val: -1
account_policy_get: name: minimum password age, val: 0
pdb_set_username: setting username test$, was test$
smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
[(&(uid=test$)(objectclass=sambaSamAccount))], scope => [2]
smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
[(&(sambaSID=S-1-5-21-2281447165-45835457-3575675572-31254)(objectclass=sambaSamAccount))],
scope => [2]
smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
[(uid=test$)], scope => [2]
ldapsam_add_sam_account: User exists without samba attributes: adding them
smbldap_make_mod: attribute |uid| not changed.
init_ldap_from_sam: Setting entry for user: test$
smbldap_get_single_attribute: [sambaSID] = [<does not exist>]
smbldap_make_mod: adding attribute |sambaSID| value
|S-1-5-21-2281447165-45835457-3575675572-31254|
smbldap_get_single_attribute: [displayName] = [<does not exist>]
smbldap_make_mod: adding attribute |displayName| value |Computer|
smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>]
smbldap_make_mod: adding attribute |sambaPwdCanChange| value |1236459494|
smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>]
smbldap_make_mod: adding attribute |sambaPwdMustChange| value |2147483647|
smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>]
smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>]
smbldap_make_mod: adding attribute |sambaNTPassword| value
|0CB6948805F797BF2A82807973B89537|
smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>]
smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1236459494|
smbldap_get_single_attribute: [sambaAcctFlags] = [<does not exist>]
smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W          ]|
smbldap_modify: dn =>
[uid=test$,ou=sarmiento,ou=Computers,dc=jusbaires,dc=gov,dc=ar]
rebindproc_connect_with_state: Rebinding to
ldaps://10.8.2.100/uid=test$,ou=sarmiento,ou=Computers,dc=jusbaires,dc=gov,dc=ar
as "uid=sarmiento-proxy,ou=security,dc=jusbaires,dc=gov,dc=ar"
rebindproc_connect_with_state: setting last_rebind timestamp (req: 0x66)
ldapsam_add_sam_account: added: uid == test$ in the LDAP database
smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
[(&(uid=test$)(objectclass=sambaSamAccount))], scope => [2]
smbldap_search_ext: waiting 866 milliseconds for LDAP replication.
smbldap_search_ext: go on!
init_sam_from_ldap: Entry found for user: test$
pdb_set_username: setting username test$, was
pdb_set_domain: setting domain JUSBAIRES, was
pdb_set_nt_username: setting nt username test$, was
pdb_set_user_sid_from_string: setting user sid
S-1-5-21-2281447165-45835457-3575675572-31254
pdb_set_user_sid: setting user sid
S-1-5-21-2281447165-45835457-3575675572-31254
smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>]
smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>]
smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>]
pdb_set_full_name: setting full name Computer, was
smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>]
pdb_set_dir_drive: setting dir drive C:, was NULL
smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>]
pdb_set_homedir: setting home dir \\pdc\profiles\test_, was
smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>]
pdb_set_logon_script: setting logon script netlogon.test_.bat, was
smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>]
pdb_set_profile_path: setting profile path \\pdc\profiles\test_, was
smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>]
smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>]
smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>]
account_policy_get: name: password history, val: 0
smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>]
smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>]
smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>]
Opening cache file at /var/cache/samba/login_cache.tdb
Looking up login cache for user test$
No cache entry found
No cache entry, bad count = 0, bad time = 0
Unix username:        test$
NT username:          test$
Account Flags:        [W          ]
User SID:             S-1-5-21-2281447165-45835457-3575675572-31254
Finding user test$
Trying _Get_Pwnam(), username as lowercase is test$
Got test$ from pwnam_cache
Get_Pwnam_internals did find user [test$]!
smbldap_search_ext: base => [ou=Group,dc=jusbaires,dc=gov,dc=ar], filter
=> [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2]
init_group_from_ldap: Entry found for group: 515
Accepting SID S-1-5-21-2281447165-45835457-3575675572 in level 1
lookup_global_sam_rid: looking up RID 515.
smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
[(&(sambaSID=S-1-5-21-2281447165-45835457-3575675572-515)(objectclass=sambaSamAccount))],
scope => [2]
ldapsam_getsampwsid: Unable to locate SID
[S-1-5-21-2281447165-45835457-3575675572-515] count=0
smbldap_search_ext: base => [ou=Group,dc=jusbaires,dc=gov,dc=ar], filter
=>
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2281447165-45835457-3575675572-515))],
scope => [2]
init_group_from_ldap: Entry found for group: 515
lookup_rids: Domain Computers:2
Sid S-1-5-21-2281447165-45835457-3575675572-515 -> JUSBAIRES\Domain
Computers(2)
Primary Group SID:    S-1-5-21-2281447165-45835457-3575675572-515
Full Name:            Computer
Home Directory:       \\pdc\profiles\test_
HomeDir Drive:        C:
Logon Script:         netlogon.test_.bat


This is the output of the NOT working version:

account_policy_get: name: maximum password age, val: -1
account_policy_get: name: minimum password age, val: 0
account_policy_get: name: password history, val: 0
pdb_set_username: setting username beruti-proxy$, was
smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
[(&(uid=beruti-proxy$)(objectclass=sambaSamAccount))], scope => [2]
smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
[(uid=beruti-proxy$)], scope => [2]
ldapsam_add_sam_account: User exists without samba attributes: adding them
smbldap_make_mod: attribute |uid| not changed.
init_ldap_from_sam: Setting entry for user: beruti-proxy$
smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>]
smbldap_make_mod: adding attribute |sambaPwdCanChange| value |1236459262|
smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>]
smbldap_make_mod: adding attribute |sambaPwdMustChange| value
|9223372036854775807|
smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>]
smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>]
smbldap_make_mod: adding attribute |sambaNTPassword| value
|A506EB2FCE65B16CF8EF7E05D2971B16|
account_policy_get: name: password history, val: 0
smbldap_get_single_attribute: [sambaPasswordHistory] = [<does not exist>]
smbldap_make_mod: adding attribute |sambaPasswordHistory| value
|0000000000000000000000000000000000000000000000000000000000000000|
smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>]
smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1236459262|
smbldap_get_single_attribute: [sambaAcctFlags] = [<does not exist>]
smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W          ]|
smbldap_modify: dn =>
[uid=beruti-proxy$,ou=beruti,ou=Computers,dc=jusbaires,dc=gov,dc=ar]
rebindproc_connect_with_state: Rebinding to
ldaps://10.8.2.100/uid=beruti-proxy$,ou=beruti,ou=Computers,dc=jusbaires,dc=gov,dc=ar
as "uid=beruti-dns1,ou=security,dc=jusbaires,dc=gov,dc=ar"
rebindproc_connect_with_state: setting last_rebind timestamp (req: 0x66)
Failed to modify dn:
uid=beruti-proxy$,ou=beruti,ou=Computers,dc=jusbaires,dc=gov,dc=ar, error:
Object class violation (object class 'sambaSamAccount' requires attribute
'sambaSID')
ldapsam_add_sam_account: failed to modify/add user with uid =
beruti-proxy$ (dn =
uid=beruti-proxy$,ou=beruti,ou=Computers,dc=jusbaires,dc=gov,dc=ar)
Unable to add machine! (does it already exist?)


By the way, the version of the Debian package is: 3.0.24-6etch10.

Regards.
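
Added example (not part of the original message, and not Samba code): a small Python script that diffs the attributes pdbedit queued for the LDAP modify in the two debug logs above and checks them against the schema error the directory returned. The function names and the abridged log excerpts are constructed for illustration.

```python
import re

# Constructed excerpts, abridged from the two pdbedit debug logs quoted above
# (password hashes left out; line wraps kept as the mail client produced them).
WORKING_LOG = """\
smbldap_make_mod: attribute |uid| not changed.
smbldap_make_mod: adding attribute |sambaSID| value
|S-1-5-21-2281447165-45835457-3575675572-31254|
smbldap_make_mod: adding attribute |displayName| value |Computer|
smbldap_make_mod: adding attribute |sambaPwdMustChange| value |2147483647|
smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W          ]|
"""
FAILING_LOG = """\
smbldap_make_mod: attribute |uid| not changed.
smbldap_make_mod: adding attribute |sambaPwdMustChange| value
|9223372036854775807|
smbldap_make_mod: adding attribute |sambaPasswordHistory| value
|0000000000000000000000000000000000000000000000000000000000000000|
smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W          ]|
Failed to modify dn:
uid=beruti-proxy$,ou=beruti,ou=Computers,dc=jusbaires,dc=gov,dc=ar, error:
Object class violation (object class 'sambaSamAccount' requires attribute
'sambaSID')
"""

# \s+ lets both patterns match across the line wraps seen in the mail.
MOD_RE = re.compile(r"smbldap_make_mod: adding attribute \|([^|]+)\|\s+value\s+\|([^|]*)\|")
ERR_RE = re.compile(r"object\s+class\s+'([^']+)'\s+requires\s+attribute\s+'([^']+)'")

def parse_mods(log):
    """Attributes pdbedit queued for the LDAP modify, as {name: value}."""
    return dict(MOD_RE.findall(log))

def schema_errors(log):
    """(objectClass, attribute) pairs named in the server's schema violation."""
    return ERR_RE.findall(log)

def compare(working, failing):
    ok, bad = parse_mods(working), parse_mods(failing)
    errors = schema_errors(failing)
    return {
        "only_in_working": sorted(set(ok) - set(bad)),
        "only_in_failing": sorted(set(bad) - set(ok)),
        "changed": {a: (ok[a], bad[a]) for a in ok.keys() & bad.keys() if ok[a] != bad[a]},
        "schema_errors": errors,
        # Required attributes the server asked for that the client never queued.
        "never_sent": [attr for _, attr in errors if attr not in bad],
    }

if __name__ == "__main__":
    for key, value in compare(WORKING_LOG, FAILING_LOG).items():
        print(f"{key}: {value}")
```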






