[Samba] samba-tool cannot add or remove group members

Rowland Penny rpenny at samba.org
Tue May 30 09:58:52 UTC 2017 

On Tue, 30 May 2017 10:30:27 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Tue, 30 May 2017 09:22:59 +0100
> Rowland Penny via samba <samba at lists.samba.org> wrote:
> 
> > 
> > All I can think of is, you have a user with
> > 'sAMAccountName=username' and another with 'CN=username', this
> > could lead to 'len(targetmember)' being 2
> > 
> 
> OK, I can confirm my thoughts, if I run:
> 
> ldbsearch -H /usr/local/samba/private/sam.ldb -b
> dc=samdom,dc=example,dc=com -s sub
> "(|(sAMAccountName=rowland)(CN=rowland))"
> 
> I get:
> 
> # record 1
> dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
> CN: Rowland Penny
> sAMAccountName: rowland
> 
> # record 2
> dn: CN=rowland,OU=SUDOers,DC=samdom,DC=example,DC=com
> CN: rowland
> 
> NOTE: other attributes removed for brevity.
> 
> If I now try to add 'rowland' to a group, I get this:
> 
> root at dc1:~# samba-tool group addmembers group12 rowland
> ERROR(exception): Failed to add members "rowland" to group "group12"
> - Unable to find "rowland". Operation cancelled. File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/group.py",
> line 239, in run add_members_operation=True) File
> "/usr/local/samba/lib/python2.7/site-packages/samba/samdb.py", line
> 278, in add_remove_group_members raise Exception('Unable to find
> "%s". Operation cancelled.' % member)
> 
> Now just to think of a way around this.
> 
> Rowland
> 
> 
> 

OK, I think I have a fix, find 'samdb.py' on your DC, open it in your
favourite editor and find this line:

    def add_remove_group_members(self, groupname, members,

It should be around line 240

Go down to about line 270, where you should find these two lines:

                                    expression="(|(sAMAccountName=%s)(CN=%s))" % (
                    ldb.binary_encode(member), ldb.binary_encode(member)), attrs=[])

Change them to:

                                    expression="(sAMAccountName=%s)" % (
                                    ldb.binary_encode(member)), attrs=[])

You should then be able to add your user to the group:

root at dc1:~# samba-tool group addmembers group12 rowland
Added members to group group12

Rowland

More information about the samba mailing list