I am having trouble getting samba to execute the add machine script
properly. It seems to be executing this script as a non-root user.
I am running trustix with the 2.4.30 kernel. Samba is version 3.0.14a.
Here is the output from testparm:
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[backup]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = EE
server string = Trustix Secure Linux Samba Server
passdb backend = ldapsam:ldap://localhost/
log file = /var/log/samba/log.%I
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod
-x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g
"%g" "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
logon script = logon.bat
logon path logon drive = H:
domain logons = Yes
os level = 32
preferred master = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes
ldap admin dn = cn=admin,dc=experts-exchange,dc=com
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=People
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=experts-exchange,dc=com
ldap user suffix = ou=People
[homes]
comment = Home Directories
path = /home/users/%S
valid users = %S
read only = No
create mask = 0600
directory mask = 0700
browseable = No
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
share modes = No
[backup]
comment = Backups
path = /backup
browseable = No
When in run `net join EE -U root` I get the following error:
[2005/07/07 17:06:26, 0] utils/net_ads.c:ads_startup(191)
ads_connect: No results returned
Creation of workstation account failed
Unable to join domain EE.
Here is a snippit of part of the log that is generated when i run that
command. As you can see from the last lines, smbldap-useradd did not
run properly because it could not open the smbldap.conf file. The
permissions on this file are 0600; it is owned by root.
[2005/07/07 16:59:56, 5] lib/smbldap.c:smbldap_search(1038)
smbldap_search: base => [dc=experts-exchange,dc=com], filter =>
[(&(uid=filese
rver$)(objectclass=sambaSamAccount))], scope => [2]
[2005/07/07 16:59:56, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1334)
ldapsam_getsampwnam: Unable to locate user [fileserver$] count=0
[2005/07/07 16:59:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam(293)
Finding user fileserver$
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(223)
Trying _Get_Pwnam(), username as lowercase is fileserver$
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(239)
Trying _Get_Pwnam(), username as uppercase is FILESERVER$
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(247)
Checking combinations of 0 uppercase letters in fileserver$
[2005/07/07 16:59:56, 5] lib/username.c:Get_Pwnam_internals(251)
Get_Pwnam_internals didn't find user [fileserver$]!
[2005/07/07 16:59:56, 5] rpc_server/srv_samr_nt.c:_samr_create_user(2311)
_samr_create_user: can add this account : False
Unable to open /etc/opt/IDEALX/smbldap-tools/smbldap.conf for reading !
Compilation failed in require at /usr/local/sbin/smbldap-useradd line 33.
BEGIN failed--compilation aborted at /usr/local/sbin/smbldap-useradd
line 33.
[2005/07/07 16:59:56, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
_samr_create_user: Running the command
`/usr/local/sbin/smbldap-useradd -w "fi
leserver$"' gave 2
How can I get this script to run as root?
Brian Abreu
