thorsten.trautwein-veit@sctg.schulergroup.com
2003-Aug-01 10:07 UTC
[Samba] samba 3.0 beta3 ldapsam bug ?!?!
Thanks for your help in adance !!!
I work with SAMBA HEAD since alpha24. I have running a BDC, PDC, Printserver on
3
separate pc's. In my domain is integrated a nativ w2k Fileserver ( Dell Nas
PowerVault
725 ) for fileserving. Passwords are held in LDAP on every (Linux) machine
pam-ldap
works. Every thing was fine before the last update to BETA 3.
Problem :
I was updating from BETA 2 to BETA 3 and changing to the new Samba schema V3 (
sambaSAMAccout ). Since this point i am not able to add any machine account. Not
with smbpasswd or pdbedit. Regardless which tool i use i get the following error
:
------------------------------------------------------------
failed to add user dn= uid=testr$,ou=Computers,o=sctg,dc=schuler,dc=de with:
Object
class violation
object class 'sambaSamAccount' requires attribute
'sambaSID'
failed to modify/add user with uid = testr$ (dn =
uid=testr$,ou=Computers,o=sctg,dc=schuler,dc=de)
------------------------------------------------------------
A full level 10 log of : pdbedit -v -a -m testmachine$ is at the end of the
eMail.
Every thing else IS working, even adding new users the LDAP ?
I just now compile the sources with --debug --debug-developer to be able to
debug the
process of creating a machine account. Up to now with little success. Can
anybody else
help me, or verify the problem, related to passdb=ldapsam, LDAP schema V3 and
adding machines accounts ?
Thanks a lot for your help !!
my smb.conf :
------------------------------------------------------------
[global]
workgroup = SCTG
netbios name = SCTG_PDC
server string = Samba 3.0.BETA3 SCTG Primary Domaenen Controler
os level = 64
preferred master = Yes
domain master = Yes
local master = Yes
security = user
encrypt passwords = Yes
domain logons = Yes
passdb backend = ldapsam
ldap admin dn = cn=root,o=sctg,dc=schuler,dc=de
ldap suffix = o=sctg,dc=schuler,dc=de
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap ssl = no
# ldap trust ids = Yes
ldap delete dn = no
idmap uid = 10000-15000
idmap gid = 10000-15000
log level = 10 passdb:1
log file = /usr/local/samba/var/log.%m
logon script = script/%u.bat
logon path = \\sctgnas1.schuler.de\profiles\%u
logon drive = H:
logon home = \\sctgnas1.schuler.de\home\%u
use spnego = yes
wins support = Yes
hide local users = No
[netlogon]
path = /pcdaten/netlogon
write list = ntadmin, trautwei
locking = No
------------------------------------------------------------
log of ./pdbedit -a -m testr$ -v >pbedit.log:
------------------------------------------------------------
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: True/1
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
doing parameter log file = /usr/local/samba/var/log.%m
doing parameter logon script = script/%u.bat
doing parameter logon path = \\sctgnas1.schuler.de\profiles\%u
doing parameter logon drive = H:
doing parameter logon home = \\sctgnas1.schuler.de\home\%u
doing parameter use spnego = yes
doing parameter wins support = Yes
doing parameter hide local users = No
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_PDC
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SCTG))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=SCTG))]
smbldap_open_connection: ldap://localhost
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost as
"cn=root,o=sctg,dc=schuler,dc=de"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
Netbios name list:-
my_netbios_names[0]="SCTG_PDC"
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SCTG))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=SCTG))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=SCTG))]
smbldap_open_connection: ldap://localhost
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost as
"cn=root,o=sctg,dc=schuler,dc=de"
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
account_policy_get: maximum password age:-1
account_policy_get: minimum password age:0
smbldap_search_suffix: searching
for:[(&(uid=testr$)(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching for:[(uid=testr$)]
smbldap_search_suffix: searching for:[(&(sambaSID=S-0-
0)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))]
failed to add user dn= uid=testr$,ou=Computers,o=sctg,dc=schuler,dc=de with:
Object
class violation
object class 'sambaSamAccount' requires attribute
'sambaSID'
failed to modify/add user with uid = testr$ (dn =
uid=testr$,ou=Computers,o=sctg,dc=schuler,dc=de)
------------------------------------------------------------
_____________________________________________________
Ing. (FH) Thorsten Trautwein-Veit
Thorsten.Trautwein-Veit@sctg.schulergroup.com
G?ppingen:
Tel.: 07161/66-1275
Fax: 07161/66-972
_____________________________________________________
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 1 Aug 2003 thorsten.trautwein-veit@sctg.schulergroup.com wrote:> Thanks for your help in adance !!! > I work with SAMBA HEAD since alpha24. I have running a BDC, PDC, Printserver on 3 > separate pc's. In my domain is integrated a nativ w2k Fileserver ( Dell Nas PowerVault > 725 ) for fileserving. Passwords are held in LDAP on every (Linux) machine pam-ldap > works. Every thing was fine before the last update to BETA 3. > > Problem : > I was updating from BETA 2 to BETA 3 and changing to the new Samba schema V3 ( > sambaSAMAccout ). Since this point i am not able to add any machine account. Not > with smbpasswd or pdbedit. Regardless which tool i use i get the following error : > ------------------------------------------------------------ > failed to add user dn= uid=testr$,ou=Computers,o=sctg,dc=schuler,dc=de with: Object > class violation > object class 'sambaSamAccount' requires attribute 'sambaSID' > failed to modify/add user with uid = testr$ (dn > uid=testr$,ou=Computers,o=sctg,dc=schuler,dc=de) > ------------------------------------------------------------....> smbldap_search_suffix: searching for:[(&(uid=testr$)(objectclass=sambaSamAccount))] > smbldap_search_suffix: searching for:[(uid=testr$)] > smbldap_search_suffix: searching for:[(&(sambaSID=S-0- > 0)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))] > failed to add user dn= uid=testr$,ou=Computers,o=sctg,dc=schuler,dc=de with: Object > class violation > object class 'sambaSamAccount' requires attribute 'sambaSID' > failed to modify/add user with uid = testr$ (dn > uid=testr$,ou=Computers,o=sctg,dc=schuler,dc=de) > ------------------------------------------------------------you need to look at a level 10 debug log here. are you using ldapsam? or ldapsam_compat? cheers, jerry ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "You can never go home again, Oatman, but I guess you can shop there." --John Cusack - "Grosse Point Blank" (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE/Mz6iIR7qMdg1EfYRAqWvAKC3NRahQ/b+eJAkZLSBuOZKzO57xgCfW87D 7CYa9Ni3gfnKLXhMPmGwgeM=Eq4E -----END PGP SIGNATURE-----