[Samba] ldbedit: no matching records - cannot edit (newly-created user)

Jim Seymour jseymour at LinxNet.com
Thu Sep 10 16:08:10 UTC 2015 

On Thu, 10 Sep 2015 16:20:35 +0100
Rowland Penny <rowlandpenny241155 at gmail.com> wrote:

> On 10/09/15 15:05, Jim Seymour wrote:
> > Hi,
> >
> > This doc (and another like it)
> >
> >      http://www.blackhole-networks.com/Cheatsheets/Samba4Map/

Btw: The other doc was at

    https://wiki.samba.org/index.php/Adding_users_with_samba_tool

> >
[snip]
> 
> Hmm, works for me:
> 
> root at dc01:~# wbinfo --name-to-sid rowland
> S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1106 SID_USER (1)
> root at dc01:~# ldbedit -e nano -H /var/lib/samba/private/idmap.ldb 
> objectsid=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1106
> 
> # editing 1 records
> # record 1
> dn: CN=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1106
> cn: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1106
> objectClass: sidMap
> objectSid: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1106
> type: ID_TYPE_BOTH
> xidNumber: 3000021
> distinguishedName: CN=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1106

$ samba-tool user add jeffrey
New Password: 
Retype Password: 
User 'jeffrey' created successfully
$ wbinfo --name-to-sid jeffrey
S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1108 SID_USER (1)
$ ldbedit -e vi -H /var/lib/samba/private/idmap.ldb
   objectsid=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1108
no matching records - cannot edit
$ 

> 
> If you only require the contents of the xidNumber attribute, you
> could try this:
> 
> ldbsearch -H /var/lib/samba/private/idmap.ldb 
> '(&(objectclass=sidMap)(objectSid=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1106))' 
> | grep 'xidNumber' | awk '{print $NF}'
> 
> Which when I run it, returns:
> 
> 3000021

The object is not to acquire it, but to change it.

> 
> What I cannot understand is, why you cannot find the user ? I take it 
> you are running the commands on the DC.

Yes, I am.

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

More information about the samba mailing list