[Samba] error adding a user

Marco Ciampa ciampix at libero.it
Mon Jan 3 11:05:51 MST 2011

On Mon, Jan 03, 2011 at 09:54:39AM +0100, Daniel Müller wrote:
> First of all, which kind of Windows are you using? Usermgr with XP is OK;
> with Windows Vista/7, no chance.

ok I'm using XP...

> To use usrmgr under XP and 2000 you must fit your ldap.conf and your
> smb.conf and use smbldap-tools or similar:
> in your smb.conf there should be something like:
> add user script = /usr/local/sbin/smbldap-useradd  -A 1 -B 1 -m -k /dummy "%u"

if I use:

 add user script = smbldap-useradd -a -m "%u"

it gives me the error reported above. If I use:

 add user script = smbldap-useradd -m "%u"

it works. It seems that Samba creates the Samba-specific objects on the
LDAP server directly. If I am not wrong, the option -a to smbldap-useradd
should be used only if the script is called from outside Samba (as in a
user populating script, for example...)

Am I right or am I wrong? I understand that these basic concepts are
important. I can't go forward without clarifying this first ... :-(

> to fit the right params for your linux OS you have to try.
> or ldap.conf, ex :
> base    dc=your,dc=domain
> nss_base_passwd ou=Users,dc=your,dc=domain?sub
> nss_base_passwd ou=Computers,dc=your,dc=domain?sub
> nss_base_shadow ou=Users,dc=your,dc=domain?sub
> nss_base_group ou=Groups,dc=your,dc=domain?one
> In your slapd.conf , ex:
> access to attrs=sambaLMPassword
>         by self write
>         by anonymous auth
>         by dn="cn=admin,dc=your,dc=domain" write
>         by * none
> access to attrs=sambaNTPassword
>         by self write
>         by anonymous auth
>         by dn="cn=admin,dc=your,dc=domain" write
>         by * none
> access to attrs=sambaPwdLastSet,sambaPwdMustChange
>         by self write
>         by anonymous auth
>         by dn="cn=admin,dc=your,dc=domain" write
>         by * none

My slapd.conf is this; from what I understand, it could be right...

access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=lsgalilei,dc=org" write
        by anonymous auth
        by self write
        by * none


Next problem:

User deleting through usermanager is not able to delete the home directory.

Maybe it is this fault:

 ldap delete dn = yes

If Samba deletes the LDAP object, the smbldap-userdel script has no chance to delete an already deleted user...


 ldap delete dn = no

seems to cure it. Again: am I right or am I totally wrong?

Next problem:

I can't browse the groups during user creation step in the usermanager
or, after creating the user, browse its groups...

It seems (looking into the Samba logs) that it insists on searching for a group
"Users" instead of "Domain Users"... mmm, where could it be wrong?
LDAP or Samba ... tomorrow I will investigate more deeply...

Thank you _very much_ for your help and support.

It very often happens to me that just the act of trying to explain a
problem to someone else helps me a lot in clarifying it for myself...


Marco Ciampa

| Linux User  #78271 |
| FSFE fellow   #364 |
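
An added example, not part of the original message or of Samba/smbldap-tools: a Python check for slapd.conf access rules like the ones exchanged above, reporting whether userPassword, sambaNTPassword or sambaLMPassword is granted above auth level to anonymous, users or *. The sample configuration, dc=example,dc=org and the function names are constructed for this example, and it assumes dn and filter scoping in the rule target can be ignored.

```python
import re
import shlex
SENSITIVE = ("userPassword", "sambaNTPassword", "sambaLMPassword")
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
BROAD = {"*", "anonymous", "users"}  # <who> values not tied to one identity

# Constructed sample: the second rule leaves the LM hash readable by everyone.
SAMPLE = """\
access to attrs=userPassword,sambaNTPassword
        by dn="cn=admin,dc=example,dc=org" write
        by anonymous auth
        by self write
        by * none
access to attrs=sambaLMPassword
        by * read
"""

def parse_acls(text):
    """Return [(what_tokens, [(who, level), ...]), ...]; a missing level becomes "?"."""
    text = re.sub(r"(?m)^#.*\n?", "", text)        # drop comment lines
    joined = re.sub(r"\n[ \t]+", " ", text)        # indented lines continue a directive
    acls = []
    for tok in map(shlex.split, joined.splitlines()):
        if [t.lower() for t in tok[:2]] != ["access", "to"]:
            continue
        idx = [i for i, t in enumerate(tok) if t == "by"]
        by = [tok[i + 1:j] for i, j in zip(idx, idx[1:] + [len(tok)])]
        what = tok[2:idx[0]] if idx else tok[2:]
        acls.append((what, [(c[0], (c[1:] or ["?"])[0]) for c in by if c]))
    return acls

def covers(what, attr):
    """True if the <what> tokens select attr (dn and filter scoping are ignored)."""
    lists = [w.split("=", 1)[1] for w in what if w.lower().startswith(("attrs=", "attr="))]
    names = {a.lower() for a in ",".join(lists).split(",") if a}
    return not names or attr.lower() in names

def audit(text):
    """Map each sensitive attribute to its findings; an empty list means none."""
    acls, report = parse_acls(text), {}
    for attr in SENSITIVE:
        rule = next((a for a in acls if covers(a[0], attr)), None)  # first match wins
        findings = [] if acls else ["no access directives present"]
        for who, level in (rule[1] if rule else []):
            # An unrecognised or missing level is ranked highest, so it gets reported.
            rank = LEVELS.index(level.lower()) if level.lower() in LEVELS else len(LEVELS)
            if who.lower() in BROAD and rank > LEVELS.index("auth"):
                findings.append(f"by {who} {level}")
            if who == "*":
                break  # clauses after "by *" are never reached
        report[attr] = findings
    return report
```

Because slapd applies the first matching rule, a catch-all `access to *` placed above the attribute rules is reported for all three attributes.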
