[Samba] ldbedit: no matching records - cannot edit (newly-created user)

Rowland Penny rowlandpenny241155 at gmail.com
Thu Sep 10 16:24:59 UTC 2015 

On 10/09/15 17:08, Jim Seymour wrote:
> On Thu, 10 Sep 2015 16:20:35 +0100
> Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
>
>> On 10/09/15 15:05, Jim Seymour wrote:
>>> Hi,
>>>
>>> This doc (and another like it)
>>>
>>>       http://www.blackhole-networks.com/Cheatsheets/Samba4Map/
> Btw: The other doc was at
>
>      https://wiki.samba.org/index.php/Adding_users_with_samba_tool
>
> [snip]
>> Hmm, works for me:
>>
>> root at dc01:~# wbinfo --name-to-sid rowland
>> S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1106 SID_USER (1)
>> root at dc01:~# ldbedit -e nano -H /var/lib/samba/private/idmap.ldb
>> objectsid=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1106
>>
>> # editing 1 records
>> # record 1
>> dn: CN=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1106
>> cn: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1106
>> objectClass: sidMap
>> objectSid: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1106
>> type: ID_TYPE_BOTH
>> xidNumber: 3000021
>> distinguishedName: CN=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1106
> $ samba-tool user add jeffrey
> New Password:
> Retype Password:
> User 'jeffrey' created successfully
> $ wbinfo --name-to-sid jeffrey
> S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1108 SID_USER (1)
> $ ldbedit -e vi -H /var/lib/samba/private/idmap.ldb
>     objectsid=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1108
> no matching records - cannot edit
> $

How have you installed samba4, was it from packages, or did you compile 
it yourself?

If it was the later, idmap.ldb will be in /usr/local/samba/private (this 
is from memory, it has been sometime since I last compiled samba myself)

If it is from packages, how did you provision samba4

Rowland

>
>> If you only require the contents of the xidNumber attribute, you
>> could try this:
>>
>> ldbsearch -H /var/lib/samba/private/idmap.ldb
>> '(&(objectclass=sidMap)(objectSid=S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1106))'
>> | grep 'xidNumber' | awk '{print $NF}'
>>
>> Which when I run it, returns:
>>
>> 3000021
> The object is not to acquire it, but to change it.
>
>> What I cannot understand is, why you cannot find the user ? I take it
>> you are running the commands on the DC.
> Yes, I am.
>
> Regards,
> Jim

More information about the samba mailing list