Adding workstation to a samba pre 3.0 controlled domain

Simo Sorce sorce at mail.polimi.it
Tue Nov 7 21:35:45 GMT 2000


I tested adding an NT workstation to a Samba HEAD controlled domain,
providing my Samba controller admin username and password in the network
dialog NT gives you when you want to join a domain.

The action failed and from logs (level 10) I saw the problem is in user
name handling.

api_rpcTNP: api_samr_rpc op 0x32 - api_rpcTNP: rpc
command: SAMR_CREATE_USER
000000 samr_io_q_create_user
    000000 smb_io_pol_hnd pol
        0000 data: 00 00 00 00 02 00 00 00 00 00 00 00 89 6c 08 3a 1c 13
00 00
    000014 smb_io_unihdr
        0014 uni_str_len: 000e
        0016 uni_max_len: 0010
        0018 buffer     : 00898f28
    00001c smb_io_unistr2
        001c uni_max_len: 00000008
        0020 undoc      : 00000000
        0024 uni_str_len: 00000007
        0028 buffer     : I.D.R.A.N.T.$.
    0038 acb_info: 00000080
    003c access_mask: e00500b0
Found policy hnd[2] [000] 00 00 00 00 02 00 00 00  00 00 00 00 89 6C 08 3A
........ .....l.:
[010] 1C 13 00 00                                       ....
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
getsamtdbpwent: error fetching database.
 Error: Success
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
Opened policy hnd[3] [000] 00 00 00 00 03 00 00 00  00 00 00 00 89 6C 08
3A  ........ .....l.:
[010] 1C 13 00 00                                       ....
smb_create_user: Running the command `/usr/sbin/adduser -g users idrant_'
gave 0
User idrant$ does not exist in system password file (usually 
/etc/passwd). Cannot add account without a valid local system user.


The problem is that the adduser script is called with the wrong username
for a workstation account.

smb_create_user called in _api_samr_create_user:

 if (lp_adduser_script())
		smb_create_user(mach_acct);
                ^^^^^^^^^^^^^^^ 

calls smbrun:

> pstrcpy(add_script, lp_adduser_script());
> if (! *add_script) return -1;
> pstring_sub(add_script, "%u", unix_user);
  ^^^^^^^^^^^
> ret = smbrun(add_script,NULL,False);

pstring_sub calls string_sub, which will substitute the %u tag with the
username but will also modify the string; in fact:

> for (i=0;i<li;i++) {
> switch (insert[i]) {
> case '`':
> case '"':
> case '\'':
> case ';':
> case '$':
  ^^^^^^^^^
> case '%':
> case '\r':
> case '\n':
>	p[i] = '_';
        ^^^^^^^^^^^

and this will change wksname$ into wksname_.
In /etc/passwd I in fact found the entry:
idrant_:......
After that, _api_samr_create_user will use local_password_change to add
the workstation to the
smbpasswd (tdbpass.c backend in my case), and it will fail as the idrant$
name is not found in the system passwd.

cheers,
Simo.
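
The mismatch described in the message above, reproduced as an added example that is not part of the original post and is not Samba code: the filter uses the character set quoted from string_sub, and the return value shows that the name given to the script no longer matches the name looked up afterwards. `filter_insert`, `expand_user` and the `%u` template (constructed from the command in the log) are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Same character set as the loop quoted in the post: each shell
 * metacharacter in the inserted value is overwritten with '_'.
 * Returns the number of characters that were changed. */
static int filter_insert(char *s)
{
    int changed = 0;
    for (; *s; s++) {
        switch (*s) {
        case '`': case '"': case '\'': case ';':
        case '$': case '%': case '\r': case '\n':
            *s = '_';
            changed++;
            break;
        }
    }
    return changed;
}

/* Hypothetical helper (not Samba code): expand the first "%u" in tmpl with
 * the filtered user name. Returns -1 if something does not fit, otherwise
 * the number of characters the filter altered (0 means the script sees the
 * same name that is later looked up in the system password file). */
static int expand_user(const char *tmpl, const char *user, char *out, size_t outlen)
{
    char safe[64];
    const char *tag = strstr(tmpl, "%u");
    int n, changed;

    if (strlen(user) >= sizeof(safe))
        return -1;
    strcpy(safe, user);
    changed = filter_insert(safe);
    if (tag == NULL)
        n = snprintf(out, outlen, "%s", tmpl);
    else
        n = snprintf(out, outlen, "%.*s%s%s", (int)(tag - tmpl), tmpl, safe, tag + 2);
    return (n < 0 || (size_t)n >= outlen) ? -1 : changed;
}

int main(void)
{
    char cmd[128] = "";
    /* Template constructed from the command in the log; name taken from the log. */
    int altered = expand_user("/usr/sbin/adduser -g users %u", "idrant$", cmd, sizeof(cmd));

    printf("command: %s\naltered characters: %d\n", cmd, altered);
    return altered < 0;
}
```

A non-zero count for a machine account name is the condition behind the "does not exist in system password file" error in the log: the script created `idrant_`, while the later lookup asks for `idrant$`.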
