[Samba] Re: pdbedit doesn't send the sambaSID to the ldap

guido at lorenzutti.com.ar guido at lorenzutti.com.ar
Fri Mar 13 12:21:10 GMT 2009


>> Hi people: I have a Debian etch stable with the latest updates.
>> When I try to join a computer to the domain I create the
>> machine on the ldap and it's created with the following attributes:
>>
>> dn:cn=test$,ou=Machines,dc=domain,dc=org
>> objectClass: top
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> uidNumber: 3123
>> uid: test$
>> cn: test$
>> sn: test$
>> gidNumber: 604
>> homeDirectory: /dev/null
>> loginShell: /bin/false
>> gecos: Machine Account
>> description: Machine Account
>>
>> Then, in the samba I run:
>>
>> pdbedit -am test
>>
>> And this is the output...
>>
>> ldapsam_add_sam_account: User exists without samba attributes: adding
>> them
>> init_ldap_from_sam: Setting entry for user: test$
>> smbldap_modify: dn => [cn=test$,ou=Machines,dc=domain,dc=org]
>> ldapsam_modify_entry: Failed to modify user dn=
>> cn=test$,ou=Machines,dc=domain,dc=org with: Object class violation
>> object class 'sambaSamAccount' requires attribute 'sambaSID'
>> ldapsam_add_sam_account: failed to modify/add user with uid = test$ (dn
>> = cn=zigo$,ou=Systems,dc=domain,dc=int)
>> Unable to add machine! (does it already exist?)
>>
>> I set the debug level in the ldap and I can't see the pdbedit sending
>> any sambaSID attribute. So I can't think this is a schema problem...
>>
>> Any ideas? Why is this happening?? I have found nothing on the net to
>> help me...
>>
>> Tnxs in advance.
>>
>
>
> Anyone knowing something?
> I found some PDC NOT with the latest updates from Debian Etch, but with
> the same Samba version and they work!
>
> This is the output of the working version:
>
> account_policy_get: name: maximum password age, val: -1
> account_policy_get: name: minimum password age, val: 0
> pdb_set_username: setting username test$, was test$
> smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
> [(&(uid=test$)(objectclass=sambaSamAccount))], scope => [2]
> smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
> [(&(sambaSID=S-1-5-21-2281447165-45835457-3575675572-31254)(objectclass=sambaSamAccount))],
> scope => [2]
> smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
> [(uid=test$)], scope => [2]
> ldapsam_add_sam_account: User exists without samba attributes: adding them
> smbldap_make_mod: attribute |uid| not changed.
> init_ldap_from_sam: Setting entry for user: test$
> smbldap_get_single_attribute: [sambaSID] = [<does not exist>]
> smbldap_make_mod: adding attribute |sambaSID| value
> |S-1-5-21-2281447165-45835457-3575675572-31254|
> smbldap_get_single_attribute: [displayName] = [<does not exist>]
> smbldap_make_mod: adding attribute |displayName| value |Computer|
> smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>]
> smbldap_make_mod: adding attribute |sambaPwdCanChange| value |1236459494|
> smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>]
> smbldap_make_mod: adding attribute |sambaPwdMustChange| value |2147483647|
> smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>]
> smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>]
> smbldap_make_mod: adding attribute |sambaNTPassword| value
> |0CB6948805F797BF2A82807973B89537|
> smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>]
> smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1236459494|
> smbldap_get_single_attribute: [sambaAcctFlags] = [<does not exist>]
> smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W          ]|
> smbldap_modify: dn =>
> [uid=test$,ou=sarmiento,ou=Computers,dc=jusbaires,dc=gov,dc=ar]
> rebindproc_connect_with_state: Rebinding to
> ldaps://10.8.2.100/uid=test$,ou=sarmiento,ou=Computers,dc=jusbaires,dc=gov,dc=ar
> as "uid=sarmiento-proxy,ou=security,dc=jusbaires,dc=gov,dc=ar"
> rebindproc_connect_with_state: setting last_rebind timestamp (req: 0x66)
> ldapsam_add_sam_account: added: uid == test$ in the LDAP database
> smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
> [(&(uid=test$)(objectclass=sambaSamAccount))], scope => [2]
> smbldap_search_ext: waiting 866 milliseconds for LDAP replication.
> smbldap_search_ext: go on!
> init_sam_from_ldap: Entry found for user: test$
> pdb_set_username: setting username test$, was
> pdb_set_domain: setting domain JUSBAIRES, was
> pdb_set_nt_username: setting nt username test$, was
> pdb_set_user_sid_from_string: setting user sid
> S-1-5-21-2281447165-45835457-3575675572-31254
> pdb_set_user_sid: setting user sid
> S-1-5-21-2281447165-45835457-3575675572-31254
> smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>]
> smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>]
> smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>]
> pdb_set_full_name: setting full name Computer, was
> smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>]
> pdb_set_dir_drive: setting dir drive C:, was NULL
> smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>]
> pdb_set_homedir: setting home dir \\pdc\profiles\test_, was
> smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>]
> pdb_set_logon_script: setting logon script netlogon.test_.bat, was
> smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>]
> pdb_set_profile_path: setting profile path \\pdc\profiles\test_, was
> smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not exist>]
> smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>]
> smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>]
> account_policy_get: name: password history, val: 0
> smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not exist>]
> smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not exist>]
> smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>]
> Opening cache file at /var/cache/samba/login_cache.tdb
> Looking up login cache for user test$
> No cache entry found
> No cache entry, bad count = 0, bad time = 0
> Unix username:        test$
> NT username:          test$
> Account Flags:        [W          ]
> User SID:             S-1-5-21-2281447165-45835457-3575675572-31254
> Finding user test$
> Trying _Get_Pwnam(), username as lowercase is test$
> Got test$ from pwnam_cache
> Get_Pwnam_internals did find user [test$]!
> smbldap_search_ext: base => [ou=Group,dc=jusbaires,dc=gov,dc=ar], filter
> => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2]
> init_group_from_ldap: Entry found for group: 515
> Accepting SID S-1-5-21-2281447165-45835457-3575675572 in level 1
> lookup_global_sam_rid: looking up RID 515.
> smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
> [(&(sambaSID=S-1-5-21-2281447165-45835457-3575675572-515)(objectclass=sambaSamAccount))],
> scope => [2]
> ldapsam_getsampwsid: Unable to locate SID
> [S-1-5-21-2281447165-45835457-3575675572-515] count=0
> smbldap_search_ext: base => [ou=Group,dc=jusbaires,dc=gov,dc=ar], filter
> =>
> [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2281447165-45835457-3575675572-515))],
> scope => [2]
> init_group_from_ldap: Entry found for group: 515
> lookup_rids: Domain Computers:2
> Sid S-1-5-21-2281447165-45835457-3575675572-515 -> JUSBAIRES\Domain
> Computers(2)
> Primary Group SID:    S-1-5-21-2281447165-45835457-3575675572-515
> Full Name:            Computer
> Home Directory:       \\pdc\profiles\test_
> HomeDir Drive:        C:
> Logon Script:         netlogon.test_.bat
>
>
> This is the output of the NOT working version:
>
> account_policy_get: name: maximum password age, val: -1
> account_policy_get: name: minimum password age, val: 0
> account_policy_get: name: password history, val: 0
> pdb_set_username: setting username beruti-proxy$, was
> smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
> [(&(uid=beruti-proxy$)(objectclass=sambaSamAccount))], scope => [2]
> smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
> [(uid=beruti-proxy$)], scope => [2]
> ldapsam_add_sam_account: User exists without samba attributes: adding them
> smbldap_make_mod: attribute |uid| not changed.
> init_ldap_from_sam: Setting entry for user: beruti-proxy$
> smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>]
> smbldap_make_mod: adding attribute |sambaPwdCanChange| value |1236459262|
> smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>]
> smbldap_make_mod: adding attribute |sambaPwdMustChange| value
> |9223372036854775807|
> smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>]
> smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>]
> smbldap_make_mod: adding attribute |sambaNTPassword| value
> |A506EB2FCE65B16CF8EF7E05D2971B16|
> account_policy_get: name: password history, val: 0
> smbldap_get_single_attribute: [sambaPasswordHistory] = [<does not exist>]
> smbldap_make_mod: adding attribute |sambaPasswordHistory| value
> |0000000000000000000000000000000000000000000000000000000000000000|
> smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>]
> smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1236459262|
> smbldap_get_single_attribute: [sambaAcctFlags] = [<does not exist>]
> smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W          ]|
> smbldap_modify: dn =>
> [uid=beruti-proxy$,ou=beruti,ou=Computers,dc=jusbaires,dc=gov,dc=ar]
> rebindproc_connect_with_state: Rebinding to
> ldaps://10.8.2.100/uid=beruti-proxy$,ou=beruti,ou=Computers,dc=jusbaires,dc=gov,dc=ar
> as "uid=beruti-dns1,ou=security,dc=jusbaires,dc=gov,dc=ar"
> rebindproc_connect_with_state: setting last_rebind timestamp (req: 0x66)
> Failed to modify dn:
> uid=beruti-proxy$,ou=beruti,ou=Computers,dc=jusbaires,dc=gov,dc=ar, error:
> Object class violation (object class 'sambaSamAccount' requires attribute
> 'sambaSID')
> ldapsam_add_sam_account: failed to modify/add user with uid =
> beruti-proxy$ (dn =
> uid=beruti-proxy$,ou=beruti,ou=Computers,dc=jusbaires,dc=gov,dc=ar)
> Unable to add machine! (does it already exist?)
>
>
> By the way, the version of the Debian package is: 3.0.24-6etch10.
>


Any ideas?
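
Added example, not part of the original post or of Samba: a small Python script that diffs which attributes `smbldap_make_mod` adds in the two quoted debug runs, coping with the `>` quote markers and the e-mail line wrapping. The log excerpts are abridged from the post; the function names are assumptions of this example.

```python
import re

# Abridged from the two debug logs quoted in the post; quote markers and
# e-mail line wrapping are kept so the parser has to cope with both.
WORKING_LOG = """\
> init_ldap_from_sam: Setting entry for user: test$
> smbldap_get_single_attribute: [sambaSID] = [<does not exist>]
> smbldap_make_mod: adding attribute |sambaSID| value
> |S-1-5-21-2281447165-45835457-3575675572-31254|
> smbldap_make_mod: adding attribute |displayName| value |Computer|
> smbldap_make_mod: adding attribute |sambaPwdCanChange| value |1236459494|
> smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W          ]|
"""
FAILING_LOG = """\
> init_ldap_from_sam: Setting entry for user: beruti-proxy$
> smbldap_make_mod: adding attribute |sambaPwdCanChange| value |1236459262|
> smbldap_make_mod: adding attribute |sambaPasswordHistory| value
> |0000000000000000000000000000000000000000000000000000000000000000|
> smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W          ]|
"""

ADD_RE = re.compile(r"smbldap_make_mod: adding attribute \|([^|]+)\| value\s*\|(.*)\|\s*$")

def unquote(log):
    """Strip leading '>' quote markers and rejoin wrapped log lines."""
    joined = []
    for raw in log.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).rstrip()
        # Treat a line without a 'function_name: ' prefix as a continuation.
        if joined and not re.match(r"^[A-Za-z_]\w*: ", line):
            joined[-1] += " " + line
        else:
            joined.append(line)
    return joined

def added_attributes(log):
    """Return {attribute: value} for every smbldap_make_mod 'adding' line."""
    matches = (ADD_RE.search(line) for line in unquote(log))
    return {m.group(1): m.group(2) for m in matches if m}

def diff_runs(working, failing):
    """Return (attributes only in working run, attributes only in failing run)."""
    good, bad = added_attributes(working), added_attributes(failing)
    return sorted(good.keys() - bad.keys()), sorted(bad.keys() - good.keys())

if __name__ == "__main__":
    print(diff_runs(WORKING_LOG, FAILING_LOG))
```

On these excerpts the failing run never adds `sambaSID` (or `displayName`) and adds `sambaPasswordHistory` instead, which matches the "requires attribute 'sambaSID'" error the LDAP server returns.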


