[Samba] ldb transaction question
rpenny at samba.org
Fri Feb 24 10:15:21 UTC 2023
On 24/02/2023 07:56, d tbsky via samba wrote:
> I want to add rfc2307 attribute to machine account. I saw I can do
> it via "samba-tool computer". but I want to try if there is a simpler
> method, so I issue the command:
> ./samba-tool user addunixattrs 'machine$' 9999
> and result:
> You are setting a Unix/RFC2307 UID & GID. You may want to set
> 'idmap_ldb:use rfc2307 = Yes' in smb.conf to use the attributes for
> ERROR: Failed to modify user 'machine$': (21, "objectclass_attrs:
> attribute 'gidnumber' on entry
> 'CN=MACHINE,OU=Workstation,OU=PC,DC=ad,DC=samdom,DC=com, contains at
> least one invalid value!")
> A transaction is still active in ldb context [0x56268385f090] on
> I don't mind the command failed. but last line worried me. should I do
> something to revert the ldb transaction or even restore my samba
> is that message safe to ignore?
> thanks a lot for help
As Andrew has said, you can ignore that error message, but the reason it
is happening is interesting.
The code was written from the point of view of adding rfc2307 attributes
to a user, not a computer, hence it uses the gidNumber from Domain Users
if '--gid-number=GID_NUMBER' is not supplied.
Domain Users is the normal primary group for AD users, but the primary
group for computers is Domain Computers, so that is one problem.
However, I think the reason why it threw an error is simple, I do not
think that Domain Users has a gidNumber attribute, though the code
should have told you this, but apparently it doesn't.
More information about the samba