boka
2004-Feb-03 21:49 UTC
[Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.
Hi !
I can't add any user (person or machine) to my domain made with
samba-3.0.1, openldap-2.0.27, new samba.schema, smbldap-tools-0.8.3. I
have to migrate from ldap_compact to ldap backend.
Rhea is an LDAP server, codo is a PDC from DOMAIN.
To show what the problem is, look at the following instructions:
root@rhea:~# smbldap-useradd -w loko20
root@rhea:~# getent passwd|grep loko
loko$:x:1459:553:loko$:/dev/null:/bin/false
loko20$:x:1088:553:loko20$:/dev/null:/bin/false
[root@codo cyrus-sasl]# getent passwd|grep loko
loko$:x:1459:553:loko$:/dev/null:/bin/false
loko20$:x:1088:553:loko20$:/dev/null:/bin/false
[root@codo cyrus-sasl]# pdbedit -L -v loko20$
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
smbldap_search_suffix: searching
for:[(&(&(uid=loko20$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
Username not found!
[root@codo cyrus-sasl]# smbldap-userdel loko20$
[root@codo cyrus-sasl]# getent passwd|grep loko
loko$:x:1459:553:loko$:/dev/null:/bin/false
[root@codo root]# pdbedit -L -v loko$
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
smbldap_search_suffix: searching
for:[(&(&(uid=loko$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
init_sam_from_ldap: Entry found for user: loko$
Unix username: loko$
NT username: loko$
Account Flags: [W ]
User SID: S-1-5-21-133419789-486977345-1400590255-3918
Primary Group SID: S-1-5-21-133419789-486977345-1400590255-0
Full Name: loko$
Home Directory: \\io\profiles\loko_
HomeDir Drive: H:
Logon Script: LOGON.BAT
Profile Path: \\io\profiles\loko_
Domain: DOMAIN
Account desc: Computer
Workstations:
Munged dial:
Logon time: 0
Logoff time: pi?, 13 gru 1901 21:45:51 GMT
Kickoff time: pi?, 13 gru 1901 21:45:51 GMT
Password last set: wto, 03 lut 2004 16:27:18 GMT
Password can change: wto, 03 lut 2004 16:27:18 GMT
Password must change: pi?, 13 gru 1901 21:45:51 GMT
[root@codo root]# smbldap-usershow loko$
dn: uid=loko$,ou=Computers,dc=ITSTUFF,dc=PL
cn: loko$
uid: loko$
uidNumber: 1459
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
objectClass: top,posixAccount,sambaSamAccount
sambaSID: S-1-5-21-133419789-486977345-1400590255-3918
sambaPrimaryGroupSID: S-1-5-21-133419789-486977345-1400590255-0
sambaPwdMustChange: 2147483647
sambaLMPassword: 3DBA2EE9307B1C33CDE04089789D1F72
sambaNTPassword: 3DBA2EE9307B1C33CDE04089789D1F72
sambaPwdCanChange: 1075822038
sambaAcctFlags: [W ]
sambaLogoffTime: 2147483647
sambaLogonTime: 0
sambaKickoffTime: 2147483647
sambaPwdLastSet: 1075822038
[root@codo cyrus-sasl]# pdbedit -a -m loko20
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
smbldap_search_suffix: searching
for:[(&(&(uid=loko20$)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[(&(uid=loko20$)(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[(&(sambaSID=S-0-0)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))]
init_ldap_from_sam: Setting entry for user: loko20$
ldapsam_modify_entry: Failed to add user dn=
uid=loko20$,ou=Computers,dc=ITSTUFF,dc=PL with: Object class violation
object class 'sambaSamAccount' requires attribute
'sambaSID'
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ldapsam_add_sam_account: failed to modify/add user with uid = loko20$
(dn = uid=loko20$,ou=Computers,dc=ITSTUFF,dc=PL)
Unable to add machine! (does it already exist?)
samba ldap conf looks like:
passdb backend = ldapsam:ldap://localhost
ldap delete dn = no
ldap suffix = dc=ITSTUFF,dc=PL
ldap admin dn = "cn=Manager,dc=ITSTUFF,dc=PL"
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap port = 389
ldap server = 127.0.0.1
ldap ssl = No
ldap passwd sync = Yes
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
idmap backend = ldap:ldap://localhost:389
samba was compiled with the following options to configure script:
--localstatedir=/var \
--with-configdir=/etc/samba \
--with-privatedir=/etc/samba \
--with-fhs \
--with-quotas \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=%{prefix}/share/swat/using_samba \
--with-swatdir=%{prefix}/share/swat \
--with-libsmbclient \
--with-expsam=mysql \
--with-ldap \
--with-ldapsam
PS: sorry for crossposting ... but I cannot find any solution to my problem
greetz
boka
boka
2004-Feb-04 08:59 UTC
[Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.
Hi !
More details about my problem. As I said before, I'm using
smbldap-tools-0.8.3, and:
[root@codo smbldap-tools]# smbldap-useradd -a boka2
Can't call method "get_value" on an undefined value at
/usr/local/sbin/smbldap-useradd line 154, <DATA> line 283.
From smbldap-useradd:
$userGroupSID = $group_entry->get_value('sambaSID');
I'm using the correct version of samba.schema in my ldap server:
...
attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
DESC 'Security ID'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
...
root@rhea:~# smbldap-useradd -w loko23
OK, quick view of the LDIF:
dn: uid=loko23$,ou=Computers,dc=ITSTUFF,dc=PL
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: loko23$
sn: loko23$
uid: loko23$
uidNumber: 1088
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
It looks like the scripts or the LDAP server do not use the new samba.schema.
PS: sorry for cross posting again :-/
ps. II for samba-idealx team:
http://marc.theaimsgroup.com/?l=samba&m=107584508526994&w=2
greetz
boka
boka
2004-Feb-04 10:19 UTC
[Samba] samba 3.0.1 and ldap backend problem - I can not add new accounts to domain.
Hi !
More details:
[root@codo smbldap-tools]# pdbedit -v
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
smbldap_search_suffix: searching for:[(&(sambaDomainName=DOMAIN)(objectclass=sambaDomain))]
failed to add domain dn= sambaDomainName=DOMAIN,dc=ITSTUFF,dc=PL with: Already exists
Adding domain info for DOMAIN failed with NT_STATUS_UNSUCCESSFUL
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DOMAIN))]
smbldap_open_connection: connection opened
smbldap_search_suffix: searching for:[(&(sambaDomainName=DOMAIN)(objectclass=sambaDomain))]
failed to add domain dn= sambaDomainName=DOMAIN,dc=ITSTUFF,dc=PL with: Already exists
Adding domain info for DOMAIN failed with NT_STATUS_UNSUCCESSFUL
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs
...
greetz
boka
boka
2004-Feb-06 09:55 UTC
[Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(
paul k wrote:
> looks good, does "getent passwd" show up your ldap users?
yes, fxp.:
[root@codo root]# getent passwd|grep boka
...
boka:x:1257:1001:Daniel Chojecki:/home/users/boka:/bin/bash
...
[root@codo root]# getent group|grep boka
...
mirror_grp:x:1023:boka
...
greetz
boka
boka
2004-Feb-06 11:33 UTC
[Samba] samba 3.0.1 and 3.0.2rc2 - ldap backend problem - still not solved :(
paul k wrote:
> you need to create a posixAccount user/machine entry in ldap before
> adding samba user/machine with smbpasswd.
You are right:
smbldap-useradd -w test00002
pdbedit -a -m test00002
Right now I am able to add machines to the domain :) thx !
greetz
boka
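
Added example, not part of the original thread or of Samba/smbldap-tools: a small Python check that reads entries in the LDIF and smbldap-usershow layouts shown above and reports which state each account is in (posixAccount only, complete sambaSamAccount, or sambaSamAccount without the required sambaSID). The `broken$` entry is constructed sample data; the parser assumes no folded lines or base64 (`::`) values.

```python
# Constructed sample: loko23$ and loko$ follow the thread, broken$ is invented.
SAMPLE = """\
dn: uid=loko23$,ou=Computers,dc=ITSTUFF,dc=PL
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
uid: loko23$

dn: uid=loko$,ou=Computers,dc=ITSTUFF,dc=PL
objectClass: top,posixAccount,sambaSamAccount
sambaSID: S-1-5-21-133419789-486977345-1400590255-3918

dn: uid=broken$,ou=Computers,dc=ITSTUFF,dc=PL
objectClass: posixAccount
objectClass: sambaSamAccount
"""

def parse_entries(text):
    """Split blank-line separated records into {attr_lowercase: [values]}."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def classify(entry):
    """Name the account state; objectClass may be multi-line or comma-joined."""
    classes = {c.strip().lower()
               for v in entry.get("objectclass", []) for c in v.split(",")}
    if "sambasamaccount" in classes:
        if entry.get("sambasid"):
            return "complete"
        return "violation: sambaSamAccount without sambaSID"
    if "posixaccount" in classes:
        return "posix-only: ready for pdbedit -a"
    return "no posixAccount: create the Unix entry first"

def report(text):
    """Map each DN to its state."""
    return {e["dn"][0]: classify(e) for e in parse_entries(text) if "dn" in e}

if __name__ == "__main__":
    for dn, state in report(SAMPLE).items():
        print(f"{dn}: {state}")
```
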