[Samba] error adding a user

Daniel Müller mueller at tropenklinik.de
Mon Jan 3 01:54:39 MST 2011 

First of all which kind of Windows are you using. Usermgr with XP is ok
with Windows Vista/7 no chance.
To use usrmgr under xp and 2000 you must fit your ldap.conf and your
smb.conf and youse smbldap-tools or similar:
in your smb.conf there should be something like:
add user script = /usr/local/sbin/smbldap-useradd  -A 1 -B 1 -m -k /dummy
"%u"

to fit the right params for your linux OS you have to try.


or ldap.conf, ex :
base    dc=your,dc=domain
nss_base_passwd ou=Users,dc=your,dc=domain?sub
nss_base_passwd ou=Computers,dc=your,dc=domain?sub
nss_base_shadow ou=Users,dc=your,dc=domain?sub
nss_base_group ou=Groups,dc=yourc,dc=domain?one

In your slapd.conf , ex:
access to attrs=sambaLMPassword
        by self write
        by anonymous auth
        by dn="cn=admin,dc=your,dc=domain" write
        by * none

access to attrs=sambaNTPassword
        by self write
        by anonymous auth
        by dn="cn=admin,dc=your,dc=domain" write
        by * none

access to attrs=sambaPwdLastSet,sambaPwdMustChange
        by self write
        by anonymous auth
        by dn="cn=admin,dc=your,dc=domain" write
        by * none

On Sun, 2 Jan 2011 22:44:20 +0100, Marco Ciampa <ciampix at libero.it> wrote:
> On Fri, Dec 31, 2010 at 04:34:05AM +0100, Marco Ciampa wrote:
>> Sorry for (I'm shure) my stupid question (and my bad english)...
>> 
>> If this is not the right place to post this kind of question forgive me
>> and please point me to the right mailinglist.
>> 
>> I've a Samba 3 that works with an openldap server as a sole domain
>> controller.
>> 
>> I used to use the Microsoft usermanager.
>> After a general migration/upgrate I am not able to create new users
>> anymore.
>> I can do it with the smbldap-tools, manually only from the root user
but
>> if I do it through the usermanager it gives me an error.
>> A net user add command done with the same adminitrator user give me
this
>> error:
>> 
>> Failed to add user 'pippo' with: WERR_GENERAL_FAILURE.
>> 
>> from the logs:
>> 
>> [2010/12/31 04:30:44,  0]
passdb/pdb_ldap.c:2197(ldapsam_add_sam_account)
>>   ldapsam_add_sam_account: User 'pippo' already in the base, with samba
>>   attributes
>> 
>> Any hint?
> 
> Need some other info?
> 
> I've seen in the Internet many times asked this question so it seems a
> recurring problem but with generic answers (check all your conf
> data/permission/so on...) or no answer at all...
> 
> Maybe it is a generic-catch-all error message a la Windows so it could
> be fired by a hundred reasons or what?
> 
> Sorry I am not a Samba nor LDAP expert... you see...
> 
> -- 
> 
> 
> Marco Ciampa
> 
> +--------------------+
> | Linux User  #78271 |
> | FSFE fellow   #364 |
> +--------------------+

More information about the samba mailing list