[Samba] ldb transaction question

Rowland Penny rpenny at samba.org
Fri Feb 24 10:15:21 UTC 2023

On 24/02/2023 07:56, d tbsky via samba wrote:
> Hi:
>      I want to add an rfc2307 attribute to a machine account. I saw I can do
> it via "samba-tool computer", but I want to try if there is a simpler
> method, so I issue the command:
>   ./samba-tool user addunixattrs 'machine$' 9999
> and result:
>   You are setting a Unix/RFC2307 UID & GID. You may want to set
> 'idmap_ldb:use rfc2307 = Yes' in smb.conf to use the attributes for
> XID/SID-mapping.
> ERROR: Failed to modify user 'machine$': (21, "objectclass_attrs:
> attribute 'gidnumber' on entry
> 'CN=MACHINE,OU=Workstation,OU=PC,DC=ad,DC=samdom,DC=com, contains at
> least one invalid value!")
> A transaction is still active in ldb context [0x56268385f090] on
> tdb:///usr/local/samba/private/sam.ldb
> I don't mind that the command failed, but the last line worried me. Should I do
> something to revert the ldb transaction or even restore my samba
> backup?
> Is that message safe to ignore?
> Thanks a lot for the help.
> Regards,
> tbskyd

As Andrew has said, you can ignore that error message, but the reason it 
is happening is interesting.

The code was written from the point of view of adding rfc2307 attributes 
to a user, not a computer, hence it uses the gidNumber from Domain Users 
if '--gid-number=GID_NUMBER' is not supplied.
Domain Users is the normal primary group for AD users, but the primary 
group for computers is Domain Computers, so that is one problem.

However, I think the reason why it threw an error is simple: I do not
think that Domain Users has a gidNumber attribute, though the code
should have told you this, but apparently it doesn't.

