Jim C
2003-Feb-21  18:32 UTC
[Samba] Re: [expert] Brainstorm - add user script in Samba-LDAP
>>add user script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d
>>/dev/null -g Machines -s /bin/false %u

Yes. The Machines group does exist, as do adm and Administrators as specified in /etc/smb.conf seen here:

>>domain admin group = root Administrator @adm @Administrators @wheel

wheel does not actually exist and both users in the system belong to adm. I have the groups and users mentioned in the LDAP database with, of course, the exception of root. What I keep getting when I try to add a machine is "Access denied" on the Windoz side and this is what shows up in /var/log/messages:

> Feb 21 10:15:36 enigma smbd[13731]: [2003/02/21 10:15:36, 0] passdb/pdb_ldap.c:ldap_connect_system(344)
> Feb 21 10:15:36 enigma smbd[13731]: ldap_connect_system: Binding to ldap server as "cn=root,dc=microverse,dc=net"
> Feb 21 10:15:37 enigma smbd[13731]: [2003/02/21 10:15:37, 0] passdb/pdb_ldap.c:ldap_connect_system(344)
> Feb 21 10:15:37 enigma smbd[13731]: ldap_connect_system: Binding to ldap server as "cn=root,dc=microverse,dc=net"
> Feb 21 10:15:37 enigma smbd[13731]: [2003/02/21 10:15:37, 0] passdb/pdb_ldap.c:pdb_getsampwnam(970)
> Feb 21 10:15:37 enigma smbd[13731]: LDAP search "(&(uid=spartack_)(objectclass=sambaAccount))" returned 0 entries.
> Feb 21 10:15:37 enigma smbd[13731]: [2003/02/21 10:15:37, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176)
> Feb 21 10:15:37 enigma smbd[13731]: get_md4pw: Workstation spartack$: no account in domain
> Feb 21 10:15:38 enigma smbd[13732]: [2003/02/21 10:15:38, 0] passdb/pdb_ldap.c:ldap_connect_system(344)
> Feb 21 10:15:38 enigma smbd[13732]: ldap_connect_system: Binding to ldap server as "cn=root,dc=microverse,dc=net"
> Feb 21 10:15:39 enigma smbd[13732]: [2003/02/21 10:15:39, 0] passdb/pdb_ldap.c:ldap_connect_system(344)
> Feb 21 10:15:39 enigma smbd[13732]: ldap_connect_system: Binding to ldap server as "cn=root,dc=microverse,dc=net"
> Feb 21 10:15:39 enigma smbd[13732]: [2003/02/21 10:15:39, 0] passdb/pdb_ldap.c:pdb_getsampwnam(970)
> Feb 21 10:15:39 enigma smbd[13732]: LDAP search "(&(uid=spartack_)(objectclass=sambaAccount))" returned 0 entries.
> Feb 21 10:15:39 enigma smbd[13732]: [2003/02/21 10:15:39, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(1929)
> Feb 21 10:15:39 enigma smbd[13732]: User spartack$ does not exist in system password file (usually /etc/passwd). Cannot add account without a valid local system user.

The second to the last line above is the important one I think but I am not quite certain what it is telling me. This line:

rpc_server/srv_samr_nt.c:_api_samr_create_user(1929)

doesn't, in my mind, indicate failure and the next line simply says that the user wasn't found. I know it wasn't added because it does not show up in the db. Plain and simple, these messages don't help much and I don't know what the other log levels are. I've tried bumping the log level up to 4 and then 5 and then on to 6 but it doesn't seem to change anything.

Lastly, someone mentioned the possibility that there might be something going on in my non-interactive shell environment. It would help a great deal if I had a better idea of what the environment Samba executes the script in is.
I do know that, of .bash_profile and .bashrc, one of them is for interactive environments and the other for non-interactive; however, for all I know there might be something radically different about the environment that Samba uses. Someone also earlier mentioned that there might be something wrong with the linking of my Perl libraries in that non-interactive environment. I wonder if this could be fixed by re-installing them?

Jim C.
BINGO!! I've got the answer to this. On a Samba-LDAP PDC, no matter what, the 'add user script' will not be executed if you are using the wrong port for the ldap server. No error code, no nuthin. A simple change from ldap port = 636 to ldap port = 389 fixed everything.

Jim C wrote:
> >>add user script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d
...
> wonder if this could be fixed by re-installing them?
> Jim C.

Key words so others can find this email: Samba LDAP PDC Perl script
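
A note on reading the log excerpt in this thread, with an added example that is not part of the original emails: smbd writes each debug message as a header line of the form "[timestamp, level] file:function(line)" followed by the message itself, so the _api_samr_create_user(1929) line is only the source location of the "does not exist in system password file" message after it. The Python sketch below pairs header and message per smbd PID and lists the machine accounts smbd refused to create; the function names are assumptions made for this example, and the sample lines are copied from the first message.

```python
import re

# Log excerpt copied from the first message in this thread (syslog-wrapped smbd output).
SAMPLE = """\
Feb 21 10:15:37 enigma smbd[13731]: [2003/02/21 10:15:37, 0] passdb/pdb_ldap.c:pdb_getsampwnam(970)
Feb 21 10:15:37 enigma smbd[13731]: LDAP search "(&(uid=spartack_)(objectclass=sambaAccount))" returned 0 entries.
Feb 21 10:15:37 enigma smbd[13731]: [2003/02/21 10:15:37, 0] rpc_server/srv_netlog_nt.c:get_md4pw(176)
Feb 21 10:15:37 enigma smbd[13731]: get_md4pw: Workstation spartack$: no account in domain
Feb 21 10:15:39 enigma smbd[13732]: [2003/02/21 10:15:39, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(1929)
Feb 21 10:15:39 enigma smbd[13732]: User spartack$ does not exist in system password file (usually /etc/passwd). Cannot add account without a valid local system user.
"""

# Syslog prefix: "Mon DD HH:MM:SS host smbd[pid]: body"
SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ smbd\[(?P<pid>\d+)\]: (?P<body>.*)$")
# smbd debug header: "[YYYY/MM/DD HH:MM:SS, level] file:function(line)"
HEADER = re.compile(
    r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\] (?P<file>[^:]+):(?P<func>\w+)\((?P<line>\d+)\)$")

def parse_smbd(text):
    """Pair each debug header with the message line(s) that the same
    smbd process (same PID) logs after it."""
    records, open_rec = [], {}
    for raw in text.splitlines():
        m = SYSLOG.match(raw.strip())
        if not m:
            continue
        pid, body = m["pid"], m["body"].strip()
        h = HEADER.match(body)
        if h:  # a header opens a new record for this PID
            rec = {"pid": pid, "level": int(h["level"]),
                   "where": f'{h["file"]}:{h["func"]}', "msg": ""}
            records.append(rec)
            open_rec[pid] = rec
        elif pid in open_rec:  # anything else is message text for the open record
            rec = open_rec[pid]
            rec["msg"] = (rec["msg"] + " " + body).strip()
    return records

def failed_machine_adds(records):
    """Machine accounts (names ending in '$') that smbd would not create
    because no matching system user existed when it checked."""
    pat = re.compile(r"User (\S+\$) does not exist in system password file")
    return [(r["where"], m.group(1)) for r in records if (m := pat.search(r["msg"]))]

if __name__ == "__main__":
    for where, account in failed_machine_adds(parse_smbd(SAMPLE)):
        print(f"{account}: account creation refused at {where}")
```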