Adding workstation to a samba pre 3.0 controlled domain
Simo Sorce
sorce at mail.polimi.it
Tue Nov 7 21:35:45 GMT 2000
I've tested to insert an Nt wks in a samba HEAD controlled domain
providing my samba controller admin username and password in the network
dialog NT give you when you want to join a domain.
The action failed and from logs (level 10) I saw the problem is in user
name handling.
api_rpcTNP: api_samr_rpc op 0x32 - api_rpcTNP: rpc
command: SAMR_CREATE_USER
000000 samr_io_q_create_user
000000 smb_io_pol_hnd pol
0000 data: 00 00 00 00 02 00 00 00 00 00 00 00 89 6c 08 3a 1c 13
00 00
000014 smb_io_unihdr
0014 uni_str_len: 000e
0016 uni_max_len: 0010
0018 buffer : 00898f28
00001c smb_io_unistr2
001c uni_max_len: 00000008
0020 undoc : 00000000
0024 uni_str_len: 00000007
0028 buffer : I.D.R.A.N.T.$.
0038 acb_info: 00000080
003c access_mask: e00500b0
Found policy hnd[2] [000] 00 00 00 00 02 00 00 00 00 00 00 00 89 6C 08 3A
........ .....l.:
[010] 1C 13 00 00 ....
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
getsamtdbpwent: error fetching database.
Error: Success
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
Opened policy hnd[3] [000] 00 00 00 00 03 00 00 00 00 00 00 00 89 6C 08
3A ........ .....l.:
[010] 1C 13 00 00 ....
smb_create_user: Running the command `/usr/sbin/adduser -g users idrant_'
gave 0
User idrant$ does not exist in system password file (usually
/etc/passwd). Cannot add account without a valid local system user.
The problem is that adduser script is called with wrong username for a
workstation account.
smb_create_user called in _api_samr_create_user:
if (lp_adduser_script())
smb_create_user(mach_acct);
^^^^^^^^^^^^^^^
calls smbrun:
> pstrcpy(add_script, lp_adduser_script());
> if (! *add_script) return -1;
> pstring_sub(add_script, "%u", unix_user);
^^^^^^^^^^^
> ret = smbrun(add_script,NULL,False);
pstring_sub calls string_sub that will substitute the %u tag with the
username but will also modify the string, infact:
> for (i=0;i<li;i++) {
> switch (insert[i]) {
> case '`':
> case '"':
> case '\'':
> case ';':
> case '$':
^^^^^^^^^
> case '%':
> case '\r':
> case '\n':
> p[i] = '_';
^^^^^^^^^^^
and this thing will change the wksname$ in wksname_
in /etc/passwd in fact I found the entry:
idrant_:......
after that _api_samr_create_user will use local_password_change to add
the workstation to the
smbpasswd (tdbpass.c backend in my case) and it will fail as the idrant$
name is not found in the system passwd.
cheers,
Simo.
More information about the samba-technical
mailing list