boka
2004-Feb-03 21:49 UTC
[Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.
Hi! I can't add any user (person or machine) to my domain made with samba-3.0.1, openldap-2.0.27, new samba.schema, smbldap-tools-0.8.3. I have to migrate from ldap_compact to ldap backend. Rhea is an ldap server, codo is a PDC from DOMAIN. To show what the problem is, look at the following instructions:

    root@rhea:~# smbldap-useradd -w loko20
    root@rhea:~# getent passwd|grep loko
    loko$:x:1459:553:loko$:/dev/null:/bin/false
    loko20$:x:1088:553:loko20$:/dev/null:/bin/false

    [root@codo cyrus-sasl]# getent passwd|grep loko
    loko$:x:1459:553:loko$:/dev/null:/bin/false
    loko20$:x:1088:553:loko20$:/dev/null:/bin/false

    [root@codo cyrus-sasl]# pdbedit -L -v loko20$
    Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_open_connection: connection opened
    Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_open_connection: connection opened
    smbldap_search_suffix: searching for:[(&(&(uid=loko20$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
    Username not found!

    [root@codo cyrus-sasl]# smbldap-userdel loko20$
    [root@codo cyrus-sasl]# getent passwd|grep loko
    loko$:x:1459:553:loko$:/dev/null:/bin/false

    [root@codo root]# pdbedit -L -v loko$
    Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_open_connection: connection opened
    Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_open_connection: connection opened
    smbldap_search_suffix: searching for:[(&(&(uid=loko$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
    init_sam_from_ldap: Entry found for user: loko$
    Unix username: loko$
    NT username: loko$
    Account Flags: [W ]
    User SID: S-1-5-21-133419789-486977345-1400590255-3918
    Primary Group SID: S-1-5-21-133419789-486977345-1400590255-0
    Full Name: loko$
    Home Directory: \\io\profiles\loko_
    HomeDir Drive: H:
    Logon Script: LOGON.BAT
    Profile Path: \\io\profiles\loko_
    Domain: DOMAIN
    Account desc: Computer
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: pi?, 13 gru 1901 21:45:51 GMT
    Kickoff time: pi?, 13 gru 1901 21:45:51 GMT
    Password last set: wto, 03 lut 2004 16:27:18 GMT
    Password can change: wto, 03 lut 2004 16:27:18 GMT
    Password must change: pi?, 13 gru 1901 21:45:51 GMT

    [root@codo root]# smbldap-usershow loko$
    dn: uid=loko$,ou=Computers,dc=ITSTUFF,dc=PL
    cn: loko$
    uid: loko$
    uidNumber: 1459
    gidNumber: 553
    homeDirectory: /dev/null
    loginShell: /bin/false
    description: Computer
    objectClass: top,posixAccount,sambaSamAccount
    sambaSID: S-1-5-21-133419789-486977345-1400590255-3918
    sambaPrimaryGroupSID: S-1-5-21-133419789-486977345-1400590255-0
    sambaPwdMustChange: 2147483647
    sambaLMPassword: 3DBA2EE9307B1C33CDE04089789D1F72
    sambaNTPassword: 3DBA2EE9307B1C33CDE04089789D1F72
    sambaPwdCanChange: 1075822038
    sambaAcctFlags: [W ]
    sambaLogoffTime: 2147483647
    sambaLogonTime: 0
    sambaKickoffTime: 2147483647
    sambaPwdLastSet: 1075822038

    [root@codo cyrus-sasl]# pdbedit -a -m loko20
    Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_open_connection: connection opened
    Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_open_connection: connection opened
    smbldap_search_suffix: searching for:[(&(&(uid=loko20$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
    smbldap_search_suffix: searching for:[(&(uid=loko20$)(objectclass=sambaSamAccount))]
    smbldap_search_suffix: searching for:[(&(sambaSID=S-0-0)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))]
    init_ldap_from_sam: Setting entry for user: loko20$
    ldapsam_modify_entry: Failed to add user dn= uid=loko20$,ou=Computers,dc=ITSTUFF,dc=PL with: Object class violation
    object class 'sambaSamAccount' requires attribute 'sambaSID'
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    ldapsam_add_sam_account: failed to modify/add user with uid = loko20$ (dn = uid=loko20$,ou=Computers,dc=ITSTUFF,dc=PL)
    Unable to add machine! (does it already exist?)

samba ldap conf looks like:

    passdb backend = ldapsam:ldap://localhost
    ldap delete dn = no
    ldap suffix = dc=ITSTUFF,dc=PL
    ldap admin dn = "cn=Manager,dc=ITSTUFF,dc=PL"
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap port = 389
    ldap server = 127.0.0.1
    ldap ssl = No
    ldap passwd sync = Yes
    ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
    idmap backend = ldap:ldap://localhost:389

samba was compiled with the following options to configure script:

    --localstatedir=/var \
    --with-configdir=/etc/samba \
    --with-privatedir=/etc/samba \
    --with-fhs \
    --with-quotas \
    --with-smbmount \
    --with-pam \
    --with-pam_smbpass \
    --with-syslog \
    --with-utmp \
    --with-sambabook=%{prefix}/share/swat/using_samba \
    --with-swatdir=%{prefix}/share/swat \
    --with-libsmbclient \
    --with-expsam=mysql \
    --with-ldap \
    --with-ldapsam

ps. sorry for crossposting ... but I can not find any solution to my problem

greetz boka
boka
2004-Feb-04 08:59 UTC
[Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.
Hi! More details about my problem. As I said before, I'm using smbldap-tools-0.8.3, and:

    [root@codo smbldap-tools]# smbldap-useradd -a boka2
    Can't call method "get_value" on an undefined value at /usr/local/sbin/smbldap-useradd line 154, <DATA> line 283.

From smbldap-useradd:

    $userGroupSID = $group_entry->get_value('sambaSID');

I'm using correct version of samba.schema in my ldap server:

    ...
    attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
        DESC 'Security ID'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
    ...

    root@rhea:~# smbldap-useradd -w loko23

OK, quick view of LDIF:

    dn: uid=loko23$,ou=Computers,dc=ITSTUFF,dc=PL
    objectClass: top
    objectClass: inetOrgPerson
    objectClass: posixAccount
    cn: loko23$
    sn: loko23$
    uid: loko23$
    uidNumber: 1088
    gidNumber: 553
    homeDirectory: /dev/null
    loginShell: /bin/false
    description: Computer

It looks like scripts, or ldap server do not use new samba.schema.

ps. sorry for cross posting again :-/
ps. II for samba-idealx team: http://marc.theaimsgroup.com/?l=samba&m=107584508526994&w=2

greetz boka
boka
2004-Feb-04 10:19 UTC
[Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.
Hi! More details:

    [root@codo smbldap-tools]# pdbedit -v
    Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_open_connection: connection opened
    smbldap_search_suffix: searching for:[(&(sambaDomainName=DOMAIN)(objectclass=sambaDomain))]
    failed to add domain dn= sambaDomainName=DOMAIN,dc=ITSTUFF,dc=PL with: Already exists
    Adding domain info for DOMAIN failed with NT_STATUS_UNSUCCESSFUL
    pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain
    pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs
    Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
    smbldap_open_connection: connection opened
    smbldap_search_suffix: searching for:[(&(sambaDomainName=DOMAIN)(objectclass=sambaDomain))]
    failed to add domain dn= sambaDomainName=DOMAIN,dc=ITSTUFF,dc=PL with: Already exists
    Adding domain info for DOMAIN failed with NT_STATUS_UNSUCCESSFUL
    pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain
    pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs
    ...

greetz boka
boka
2004-Feb-06 09:55 UTC
[Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(
paul k wrote:
> looks good, does "getent passwd" show up your ldap users?

yes, fxp.:

    [root@codo root]# getent passwd|grep boka
    ...
    boka:x:1257:1001:Daniel Chojecki:/home/users/boka:/bin/bash
    ...
    [root@codo root]# getent group|grep boka
    ...
    mirror_grp:x:1023:boka
    ...

greetz boka
boka
2004-Feb-06 11:33 UTC
[Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(
paul k wrote:
> you need to create a posixAccount user/machine entry in ldap before
> adding samba user/machine with smbpasswd.

You are right:

    smbldap-useradd -w test00002
    pdbedit -a -m test00002

right now I am able to add machines to the domain :) thx !

greetz boka
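
The ordering confirmed in the last post (posixAccount entry first, then the Samba account) and the earlier "requires attribute 'sambaSID'" rejection can be checked against an LDIF export before running pdbedit. The following is an added example, not part of the thread or of smbldap-tools; the function names and status labels are made up for illustration, and the sample entries are constructed from the output quoted above.

```python
# Added example: triage LDAP account entries for Samba's ldapsam backend.

# Attribute that the thread's "Object class violation" error names as required.
REQUIRED_BY_SAMBASAMACCOUNT = ("sambaSID",)

# Sample entries constructed from the thread's output; the loko20$ entry is a
# made-up illustration of the shape the LDAP server rejected.
SAMPLE_LDIF = """\
dn: uid=loko$,ou=Computers,dc=ITSTUFF,dc=PL
objectClass: top,posixAccount,sambaSamAccount
sambaSID: S-1-5-21-133419789-486977345-1400590255-3918

dn: uid=loko23$,ou=Computers,dc=ITSTUFF,dc=PL
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount

dn: uid=loko20$,ou=Computers,dc=ITSTUFF,dc=PL
objectClass: posixAccount
objectClass: sambaSamAccount
sambaSID:
"""

def parse_ldif(text):
    """Parse plain LDIF (no base64 values or folded lines) into {dn: {attr: [values]}}."""
    entries, current = {}, None
    for raw in text.splitlines():
        attr, sep, value = raw.strip().partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if not sep:
            current = None                      # blank line ends the entry
        elif attr == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            # smbldap-usershow joins objectClass values with commas; LDIF repeats the line
            parts = value.split(",") if attr == "objectclass" else [value]
            current.setdefault(attr, []).extend(p.strip() for p in parts if p.strip())
    return entries

def classify(attrs):
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    if "posixaccount" not in classes:
        return "no-posix-account"     # create it first (smbldap-useradd -w in the thread)
    if "sambasamaccount" not in classes:
        return "posix-only"           # state in which pdbedit -a -m succeeded in the thread
    missing = [a for a in REQUIRED_BY_SAMBASAMACCOUNT if not attrs.get(a.lower())]
    return "samba-incomplete" if missing else "samba-ready"

def triage(text):
    return {dn.split(",")[0]: classify(a) for dn, a in parse_ldif(text).items()}
```
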