[Samba] Issues with users and groups they belong to

Marcelo Zabani mzabani at gmail.com
Fri Jun 27 16:02:33 MDT 2014


Hello everyone,

I'm having a problem with the replication of the Active Directory from a
Windows Server 2003 r2 DC to a Samba 4.1.6 (Ubuntu 14.04) DC.

The problem we have is that the *memberOf* attribute is missing on two
users in the Samba ldap database after adding them to a group on the
Windows DC. I can't easily add these through a Ldap administration tool and
can't add them to the group through *samba-tool*. I've even tried removing
them to be able to add them again to the group*,* but was not able to
remove them from the group with samba-tool. The funny thing is that looking
at the group through the Ldap tool shows that the user is in the group
(only the *memberOf* attribute is missing).

The following shows some more detail:

*DBCHECK:*












*root at servernovo:/home/elite# samba-tool dbcheck Checking 1508 objects
ERROR: missing backlink attribute 'memberOf' in CN=Aline Cristina
Rodrigues,CN=Users,DC=escritorio,DC=elitecampinas,DC=com,DC=br for link
member in
CN=Financeiro2,CN=Users,DC=escritorio,DC=elitecampinas,DC=com,DC=br Not
fixing missing backlink memberOf ERROR: missing backlink attribute
'memberOf' in CN=Tailane Silva dos Santos
Almeida,CN=Users,DC=escritorio,DC=elitecampinas,DC=com,DC=br for link
member in
CN=Pedagogico,CN=Users,DC=escritorio,DC=elitecampinas,DC=com,DC=br Not
fixing missing backlink memberOf ERROR: missing backlink attribute
'memberOf' in CN=Aline Cristina
Rodrigues,CN=Users,DC=escritorio,DC=elitecampinas,DC=com,DC=br for link
member in
CN=Financeiro,CN=Users,DC=escritorio,DC=elitecampinas,DC=com,DC=br Not
fixing missing backlink memberOf ERROR: missing backlink attribute
'memberOf' in CN=Tailane Silva dos Santos
Almeida,CN=Users,DC=escritorio,DC=elitecampinas,DC=com,DC=br for link
member in
CN=Atendimento,CN=Users,DC=escritorio,DC=elitecampinas,DC=com,DC=br Not
fixing missing backlink memberOf Please use --fix to fix these errors
Checked 1508 objects (4 errors)*


*REMOVING FROM GROUP:*


*root at servernovo:/home/elite# samba-tool group removemembers pedagogico
tailane*
*../source4/dsdb/samdb/ldb_modules/linked_attributes.c:1132: failed to
apply linked attribute change 'attribute 'memberOf': no matching attribute
value while deleting attribute on 'CN=Tailane Silva dos Santos
Almeida,CN=Users,DC=escritorio,DC=elitecampinas,DC=com,DC=br''*
*dn:
<GUID=ffd5b807-7464-47a8-8cc3-6373c32d9d03>;<SID=S-1-5-21-825060708-2637176727-2735268678-1497>;CN=Tailane
Silva dos Santos
Almeida,CN=Users,DC=escritorio,DC=elitecampinas,DC=com,DC=br*
*changetype: modify*
*delete: memberOf*
*memberOf:
<GUID=82614147-73fa-4501-bfd2-c758053cd84c>;<SID=S-1-5-21-825060708-*
*2637176727-2735268678-1114>;CN=Pedagogico,CN=Users,DC=escritorio,DC=elitecamp*
*inas,DC=com,DC=br*


*../source4/dsdb/samdb/ldb_modules/linked_attributes.c:1208: Failed mod
request ret=16 ERROR(ldb): Failed to remove members "tailane" from group
"pedagogico" - attribute 'memberOf': no matching attribute value while
deleting attribute on 'CN=Tailane Silva dos Santos
Almeida,CN=Users,DC=escritorio,DC=elitecampinas,DC=com,DC=br'*


I know I've asked a lot, but are there any resources on things that might
go wrong when I shut down my Windows Server 2003 instance for good (keeping
only our Samba DC)?

Thanks in advance,

Marcelo.


More information about the samba mailing list