I'll just go ahead and reply to my own message with some info I've
found... see if that inspires anyone to help.
After some greping through the smbpasswd source code (pretty clean
stuff, if I may say so), I figured the line of death resides in
passdb/passdb.c, function pdb_init_sam_new, lines 304 - 307:
-----------------------------------------
pwd = Get_Pwnam(username);
if (!pwd)
return NT_STATUS_NO_SUCH_USER;
-----------------------------------------
Looks like its trying to find a uid for a user that does not exist.
Now, this is supposed to be the defined behavior for actual users, but I
was under the impression that with ldap as the backend, machines did not
need a posix account... and that the RID was generated by some other
algorithm.
Am I off my rocker here?
-Sean
On Mon, 2003-09-08 at 13:24, Sean Kellogg wrote:> This totally worked a few days ago... when running 'smbpasswd -a user
> -D 5' I get the following:
>
> root@logos:/home/niles/ldap/debian# smbpasswd -a user -D 5
> Netbios name list:-
> my_netbios_names[0]="LOGOS"
> New SMB password:
> Retype new SMB password:
> Trying to load: ldapsam:ldap://logos.biostat.washington.edu
> Attempting to register passdb backend ldapsam
> Successfully added passdb backend 'ldapsam'
> Attempting to register passdb backend ldapsam_compat
> Successfully added passdb backend 'ldapsam_compat'
> Attempting to register passdb backend smbpasswd
> Successfully added passdb backend 'smbpasswd'
> Attempting to register passdb backend tdbsam
> Successfully added passdb backend 'tdbsam'
> Attempting to register passdb backend guest
> Successfully added passdb backend 'guest'
> Attempting to find an passdb backend to match
> ldapsam:ldap://logos.biostat.washington.edu (ldapsam)
> Found pdb backend ldapsam
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LOGOS))]
> smbldap_search_suffix: searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=LOGOS))]
> smbldap_open_connection: connection opened
> ldap_connect_system: succesful connection to the LDAP server
> The LDAP server is succesful connected
> pdb backend ldapsam:ldap://logos.biostat.washington.edu has a valid init
> Attempting to find an passdb backend to match guest (guest)
> Found pdb backend guest
> pdb backend guest has a valid init
> smbldap_search_suffix: searching
> for:[(&(uid=user)(objectclass=sambaSamAccount))]
> Unable to locate user [user] count=0
> Finding user user
> Trying _Get_Pwnam(), username as lowercase is user
> Trying _Get_Pwnam(), username as uppercase is USER
> Checking combinations of 0 uppercase letters in user
> Get_Pwnam_internals didn't find user [user]!
> Failed initialise SAM_ACCOUNT for user user.
> Failed to modify password entry for user user
>
> As you can see, I'm using ldap, and running at a higher debug value
> shows that I am successfully connecting to the ldap server. This works
> fine if the user already has a posix account established... but it used
> to create the account automagically. While its not the end of the world
> in terms of users, it is very troublesome when trying to add a machine
> to the domain (where it evokes smbpasswd -am MACHINE NAME). Again,
> broken. But this totally worked a few days ago. While I'm not surp
>
> The only thing I can think of is that I upgraded to 3.0.0rc2-Debian from
> 3.0.0rc1-Debian. But that seems like an odd thing to change. Has
> anyone else experienced this problem?
>
> smb.conf
> --------
> [global]
> netbios name = logos
> workgroup = logos
>
> encrypt passwords = true
> unix password sync = no
> ldap passwd sync = yes
> pam password change = yes
> obey pam restrictions = yes
>
> domain master = yes
> local master = yes
> preferred master = yes
> os level = 65
>
> passdb backend = ldapsam:ldap://logos.biostat.washington.edu
> ldap admin dn = cn=admin,dc=biostat,dc=washington,dc=edu
> ldap suffix = dc=biostat,dc=washington,dc=edu
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=People
> ldap group suffix = ou=Group
> ldap ssl = off
>
> security = user
> domain logons = yes
> wins server = 128.95.29.52
>
> logon path = \\%L\profiles\%u
> logon script = logon.bat
>
> logon drive = H:
>
> time server = yes
>
> idmap uid = 10000-65000
> idmap gid = 10000-65000
> add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false %u
>
> printing = BSD
> load printers = yes
> printer admin = @domadmin
> printcap name = /etc/printcap
>
> ----
>
> Help would be appreciated... hell, "it works for me" would even
be
> good, as then I know its something I'm doing at not the developers.
>
> -Sean
--
Sean Kellogg
University of Washington
Biostatistics Department - Linux Guy
e: skellogg@u.washington.edu p: 5-9176
"Linux is to the internet what duct tape is to everything else"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20030908/0ac3c136/attachment.bin