Carlos García Recio
2004-Feb-19 11:08 UTC
[Samba] Using the same LDAP entry for posixAccount and sambaSamAccount with smbldap
samba 3.0.2
smbldap-tools 0.8.4
RH 9
nss_ldap configured
pam_ldap NOT configured
LDAP passwd backend
winxp pro domain member

Hello,

I've configured smbldap-tools in smb.conf to manage users from usrmgr.exe. It works at group creation but has a strange behavior in user creation.

In the LDAP there are two manually created accounts, Administrador & invitado, both posixAccount and sambaSamAccount.

When I try to create a new account with usrmgr using "smbldap-useradd %u" in "add user script" I get this error:

[2004/02/19 11:37:53, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1634)
  ldapsam_add_sam_account: failed to modify/add user with uid = juan (dn = uid=juan,ou=People,o=senado.es)
[2004/02/19 11:37:53, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2251)
  could not add user/computer juan to passdb. Check permissions?

The usrmgr shows me an "Access denied" window and as a result I can find a new entry in the LDAP server with uid=juan that is a posixAccount and shadowAccount.

It looks like smbldap-useradd creates a new entry (posixAccount) in the LDAP server and then samba tries to create the same entry (but with sambaSamAccount, I think).

I can get rid of this error by making a conventional unix account with "useradd" (created in /etc/passwd) and then adding the user with usrmgr. As a result I get a new entry in the LDAP server that is a sambaSamAccount but not a posixAccount. (In this case I think that I didn't use the add user script.)

The question is: how must I configure it to create new users through usrmgr with

add user script = ...smbldap-useradd %u

and get as a result a new entry in the LDAP server that is both posixAccount and sambaSamAccount?

Thanks in advance!
Carlos
Jérôme Tournier
2004-Feb-19 11:40 UTC
[Samba] Using the same LDAP entry for posixAccount and sambaSamAccount with smbldap
On Thu, Feb 19, 2004 at 12:07:49PM +0100, Carlos García Recio wrote:
> samba 3.0.2
> smbldap-tools 0.8.4
> RH 9
> nss_ldap configured
> pam_ldap NOT configured
> LDAP passwd backend
> winxp pro domain member

Can you also send us your smbldap-tools configuration files, and also samba and openldap (?) one?
thx
--
Jérôme
Carlos García Recio
2004-Feb-19 12:00 UTC
[Samba] Using the same LDAP entry for posixAccount and sambaSamAccount with smbldap
Here we go!

On Thursday 19 February 2004 12:39, Jérôme Tournier wrote:
> On Thu, Feb 19, 2004 at 12:07:49PM +0100, Carlos García Recio wrote:
> > samba 3.0.2
> > smbldap-tools 0.8.4
> > RH 9
> > nss_ldap configured
> > pam_ldap NOT configured
> > LDAP passwd backend
> > winxp pro domain member
>
> Can you also send us your smbldap-tools configuration files, and also samba
> and openldap (?) one?
> thx
> --
> Jérôme

-------------- next part --------------
dn: o=senado.es
objectClass: organization
objectClass: organization
objectClass: top
o: senado.es

dn: ou=People,o=senado.es
objectClass: organizationalUnit
ou: People

dn: ou=Groups,o=senado.es
objectClass: organizationalUnit
ou: Groups

dn: ou=Computers,o=senado.es
objectClass: organizationalUnit
ou: Computers

dn: uid=Administrador,ou=People,o=senado.es
sambaPwdLastSet: 1077009096
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 1077009096
sambaPwdMustChange: 2147483647
sambaLMPassword: F0D412BD764FFE81AAD3B435B51404EE
sambaNTPassword: 209C6174DA490CAEB422F3FA5A7AE634
sambaAcctFlags: [U ]
loginShell: /bin/false
gecos: Netbios Domain Administrator
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
homeDirectory: /tmp
sambaPrimaryGroupSID: S-1-5-21-2056510298-3027076148-852687323-512
userPassword: {SSHA}tsGSr9yQRsPT1cRjBGBCPWqbEGO/EtHR
sn: Administrador
cn: Administrador
displayName: Administrador
uid: Administrador
sambaSID: S-1-5-21-2056510298-3027076148-852687323-1000
uidNumber: 0
gidNumber: 0

dn: uid=Invitado,ou=People,o=senado.es
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaAcctFlags: [NU ]
loginShell: /bin/false
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
sambaPrimaryGroupSID: S-1-5-21-2056510298-3027076148-852687323-514
sambaSID: S-1-5-21-2056510298-3027076148-852687323-501
uidNumber: 501
gidNumber: 99
sn: Invitado
cn: Invitado
displayName: Invitado
uid: Invitado

dn: cn=usuarios,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
sambaGroupType: 2
displayName: Usuarios del Dominio
sambaSID: S-1-5-21-2056510298-3027076148-852687323-513
cn: usuarios
description: Usuarios del domio NetBios

dn: cn=invitados,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-2056510298-3027076148-852687323-514
gidNumber: 99
cn: Invitados
displayName: Invitados
memberUid: Invitado
description: Usuarios invitados del dominio NetBios

dn: cn=Usuarios Avanzados,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 547
description: Netbios Domain Members can share directories and printers
sambaGroupType: 2
cn: Usuarios Avanzados
displayName: Usuarios Avanzados
sambaSID: S-1-5-21-2056510298-3027076148-852687323-547

dn: cn=Operadores de Cuenta,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
description: Netbios Domain Users to manipulate users accounts
sambaGroupType: 2
cn: Operadores de Cuenta
sambaSID: S-1-5-21-2056510298-3027076148-852687323-548
displayName: Operadores de Cuenta

dn: cn=Operadores de Servidor,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 549
description: Netbios Domain Server Operators
sambaGroupType: 2
cn: Operadores de Servidor
sambaSID: S-1-5-21-2056510298-3027076148-852687323-549
displayName: Operadores de Servidor

dn: cn=Operadores de Impresion,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
description: Netbios Domain Print Operators
sambaGroupType: 2
cn: Operadores de Impresion
sambaSID: S-1-5-21-2056510298-3027076148-852687323-550
displayName: Operadores de Impresion

dn: cn=Operadores de Copia de Seguridad,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
description: Netbios Domain Members can bypass file security to back up files
sambaGroupType: 2
cn: Operadores de Copia de Seguridad
sambaSID: S-1-5-21-2056510298-3027076148-852687323-551
displayName: Operadores de Copia de Seguridad

dn: cn=Replicador,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
description: Netbios Domain Supports file replication in a sambaDomainName
sambaGroupType: 2
cn: Replicador
displayName: Replicador
sambaSID: S-1-5-21-2056510298-3027076148-852687323-552

dn: cn=maquinas,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 553
sambaGroupType: 2
displayName: Maquinas del Dominio
sambaSID: S-1-5-21-2056510298-3027076148-852687323-553
cn: maquinas
description: Cuentas de maquinas del dominio NetBios

dn: sambaDomainName=TEST,o=senado.es
sambaDomainName: TEST
sambaSID: S-1-5-21-2056510298-3027076148-852687323
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain

dn: uid=winxp$,ou=Computers,o=senado.es
objectClass: top
objectClass: posixAccount
objectClass: sambaSamAccount
cn: winxp$
uid: winxp$
gidNumber: 553
homeDirectory: /tmp
sambaPwdMustChange: 2147483647
sambaAcctFlags: [W ]
sambaPrimaryGroupSID: S-1-5-21-2056510298-3027076148-852687323-553
uidNumber: 4000
sambaSID: S-1-5-21-2056510298-3027076148-852687323-4000
sambaPwdCanChange: 1077105563
sambaLMPassword: A0EE4F6FCC250B20D355D7E01D42A574
sambaNTPassword: 312CDD18F95A1C6E4F803F5EB122FF06
sambaPwdLastSet: 1077105563

dn: cn=Administradores,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
description: Netbios Domain Administrators
sambaSID: S-1-5-21-2056510298-3027076148-852687323-512
sambaGroupType: 2
cn: Administradores
displayName: Administradores
memberUid: Administrador
gidNumber: 0
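
The thread describes three kinds of account entry: posixAccount without sambaSamAccount (left behind by the failed add), sambaSamAccount without posixAccount (the useradd workaround), and the wanted entry carrying both. The following is an added example, not part of any post in this thread: a small audit of an LDIF export that sorts account entries into those three groups. The DNs in the sample are constructed, and the function names are hypothetical.

```python
# Constructed sample mirroring the three outcomes described in the thread
# (placeholder DNs, not data from the original post).
SAMPLE_LDIF = """\
dn: uid=both,ou=People,o=example
objectClass: posixAccount
objectClass: sambaSamAccount

dn: uid=unixonly,ou=People,o=example
objectClass: posixAccount
objectClass: shadow
 Account

dn: uid=sambaonly,ou=People,o=example
objectClass: sambaSamAccount

dn: ou=People,o=example
objectClass: organizationalUnit
"""

def parse_ldif(text):
    """Yield (dn, {attr_lower: [values]}) per entry; base64 '::' values are not decoded."""
    for block in text.replace("\r\n", "\n").split("\n\n"):
        lines = []
        for raw in block.split("\n"):
            # RFC 2849 folding: a line starting with one space continues the previous line.
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        attrs = {}
        for line in lines:
            name, sep, value = line.partition(":")
            if sep:
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def classify_accounts(text):
    """Map each account DN to 'both', 'posix-only' or 'samba-only'; other entries are skipped."""
    result = {}
    for dn, attrs in parse_ldif(text):
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        posix, samba = "posixaccount" in classes, "sambasamaccount" in classes
        if posix or samba:
            result[dn] = "both" if posix and samba else "posix-only" if posix else "samba-only"
    return result

if __name__ == "__main__":
    print(classify_accounts(SAMPLE_LDIF))
```
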