[Samba] Cannot add user to group in Samba AD DC

Андрей Черепанов cas at altlinux.ru
Wed Oct 15 04:17:32 MDT 2014


15.10.2014 14:09, Rowland Penny wrote:
> On 15/10/14 10:21, Андрей Черепанов wrote:
>> I create a domain in Samba AD DC and add user 'cas' and group 'aaa':
>>
>>   # samba-tool user list | grep cas
>>   cas
>>   # samba-tool group list | grep aaa
>>   aaa
>>
>> Now I try to add user 'cas' to group 'aaa':
>>
>>   # samba-tool group addmembers aaa cas -Uadministrator
>>   Added members to group aaa
>>
>> But listmembers does not show this user in group:
>>
>>   # samba-tool group listmembers aaa -Uadministrator
>>   #
>>
>> There are no memberOf fields in sam.ldb for user 'cas':
>>   # LDB_MODULES_PATH=/usr/lib64/samba/ldb ldbsearch \
>>   > -H /var/lib/samba/private/sam.ldb '(cn=cas)' \
>>   > memberOf | grep ^memberOf
>>   #
>>
>> What's wrong?
>>
> Hi, it should work, try:
> 
> ldbsearch -H /var/lib/samba/private/sam.ldb '(cn=cas)'
> 
> This should show the user's AD entry, does it have the 'memberOf'
> attribute?
No.

# LDB_MODULES_PATH=/usr/lib64/samba/ldb ldbsearch -H /var/lib/samba/private/sam.ldb '(sAMAccountName=cas)'
# record 1
dn: CN=cas,CN=Users,DC=school,DC=alt
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: cas
instanceType: 4
whenCreated: 20140930065140.0Z
uSNCreated: 3714
name: cas
objectGUID: 95126dff-3c57-45bd-8248-c97f921e21d4
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-80639820-2350372464-3293631772-1103
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: cas
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=school,DC=alt
userAccountControl: 512
pwdLastSet: 130570705490000000
whenChanged: 20141006120229.0Z
uSNChanged: 3747
email: cas at altlinux.ru
distinguishedName: CN=cas,CN=Users,DC=school,DC=alt

# Referral
ref: ldap://school.alt/CN=Configuration,DC=school,DC=alt

# Referral
ref: ldap://school.alt/DC=DomainDnsZones,DC=school,DC=alt

# Referral
ref: ldap://school.alt/DC=ForestDnsZones,DC=school,DC=alt

# returned 4 records
# 1 entries
# 3 referrals

I have registered a computer with the name CAS, and slightly changed the query
to show only the user record.

If I run addmembers with -d 16, I get:
...
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
Security token SIDs (1):
  SID[  0]: S-1-5-18
 Privileges (0xFFFFFFFFFFFFFFFF):
...
 Rights (0x               0):
lpcfg_servicenumber: couldn't find ldb
schema_fsmo_init: we are master[yes] updates allowed[no]
...
schema_fsmo_init: we are master[yes] updates allowed[no]
Added members to group aaa

(some text is skipped)

-- 
Андрей Черепанов
ALT Linux
cas at altlinux.ru

