Christian.Wittmer@intercomponentware.com
2004-Jul-27 10:46 UTC
[Samba] Samba3 - LDAP - USRMGR.EXE
Hello, have some little problems adding user to domain with USRMGR.EXE My System runs on SuSE 9.1 (2.6.5-7.75-default), samba-3.0.4, smbldap-tools-0.8.5, openldap2-2.2.6 If I try to add a new user with USRMGR.EXE I get an error "Access denied", but if I look into LDAP the new user was correctly added to LDAP. If I confirm the error-message and then cancel the "NEW USER" Window and typing "F5" for refreshing the USRMGR. I can see the new user. By doubble-clicking the new User I am able to make any modification to the User without any error. What could be the problem ? Here is a part of /var/log/messages that Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1573) Jul 27 12:36:25 samba3 smbd[2149]: ldapsam_add_sam_account: User 'i00001' already in the base, with samba attributes Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2267) Jul 27 12:36:25 samba3 smbd[2149]: could not add user/computer i00001 to passdb. Check permissions? if you need more logs or sambalog with special loglevel just tell me. The same problem exists when joining a machine to DOMAIN. On first try => "Access denied" but correctly added to LDAP On second try => "Welcome to DOMAIN" Thanks for any help. Christian Wittmer --------------------------------- B?ro/Office: +49 (0) 6227/385-120 Email: Christian.Wittmer@InterComponentWare.com InterComponentWare AG Otto-Hahn-Strasse 3 69190 Walldorf Zentrale/Main: +49 (6227) 385-100 http://www.intercomponentware.com http://www.lifesensor.com
Christian.Wittmer@intercomponentware.com
2004-Jul-27 11:02 UTC
[Samba] Samba3 - LDAP - USRMGR.EXE
boka <boka@sto-procent.art.pl> 27.07.2004 12:50 To: Christian.Wittmer@intercomponentware.com cc: Subject: Re: [Samba] Samba3 - LDAP - USRMGR.EXE>could You send me solution if You will get any ?shure, if i'll have one. greetz chris
Just a hunch, I didnot test myself. In your smb.conf, did you set the "add user script" to add posix account as well as Windows account? If so, there might be a problem.>From what I read and understand, the script suppose to add Posix accountonly, and samba will add the Windows account. If the Windows account is added by the "add user script", then Samba has to delete it or modify it, which it might not have the previlege or some error comes up that does not mean what it says. Hope this helps! -- Kang Sun <Christian.Wittmer@intercomponentware.com> wrote in message news:OFC76E80F3.2450B1FE-ONC1256EDE.002E8C93-C1256EDE.003B237E@intercomponen tware.com... Hello, have some little problems adding user to domain with USRMGR.EXE My System runs on SuSE 9.1 (2.6.5-7.75-default), samba-3.0.4, smbldap-tools-0.8.5, openldap2-2.2.6 If I try to add a new user with USRMGR.EXE I get an error "Access denied", but if I look into LDAP the new user was correctly added to LDAP. If I confirm the error-message and then cancel the "NEW USER" Window and typing "F5" for refreshing the USRMGR. I can see the new user. By doubble-clicking the new User I am able to make any modification to the User without any error. What could be the problem ? Here is a part of /var/log/messages that Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1573) Jul 27 12:36:25 samba3 smbd[2149]: ldapsam_add_sam_account: User 'i00001' already in the base, with samba attributes Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2267) Jul 27 12:36:25 samba3 smbd[2149]: could not add user/computer i00001 to passdb. Check permissions? if you need more logs or sambalog with special loglevel just tell me. The same problem exists when joining a machine to DOMAIN. On first try => "Access denied" but correctly added to LDAP On second try => "Welcome to DOMAIN" Thanks for any help. Christian Wittmer --------------------------------- Büro/Office: +49 (0) 6227/385-120 Email: Christian.Wittmer@InterComponentWare.com InterComponentWare AG Otto-Hahn-Strasse 3 69190 Walldorf Zentrale/Main: +49 (6227) 385-100 http://www.intercomponentware.com http://www.lifesensor.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Christian.Wittmer@intercomponentware.com
2004-Jul-28 08:58 UTC
[Samba] Re: Samba3 - LDAP - USRMGR.EXE
"Kang Sun" <ksun@abinitio.com> Sent by: samba-bounces+christian.wittmer=intercomponentware.com@lists.samba.org 27.07.2004 16:00 To: samba@lists.samba.org cc: Subject: [Samba] Re: Samba3 - LDAP - USRMGR.EXE Hi Kang Sun,>Just a hunch, I didnot test myself. >In your smb.conf, did you set the "add user script" to add posix accountas>well as Windows account? If so, there might be a problem. >From what I read and understand, the script suppose to add Posix account >only, and samba will add the Windows account. If the Windows account isI tested it and if I add a user via USRMGR there is only a "posix account" in LDAP, but samba did not add the samba specific data to ldap. I only get an error like "User not found" And I could not find any error in log.smbd.>added by the "add user script", then Samba has to delete it or modify it, >which it might not have the previlege or some error comes up that doesnot>mean what it says. > >Hope this helps!Any other idea ? Thanks Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Post your "add user script" line from smb.conf You might be missing a flag or something.> I tested it and if I add a user via USRMGR there is only a "posix account" > in LDAP, but samba did not add the samba specific data to ldap. I only get > an error like "User not found" > And I could not find any error in log.smbd.-- ----------------------------------------------------------------- | I can be reached on the following Instant Messenger services: | |---------------------------------------------------------------| | MSN: j_c_llings@hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---------------------------------------------------------------| | Y!: j_c_llings Jabber: jcllings@njs.netlab.cz | -----------------------------------------------------------------
Christian.Wittmer@intercomponentware.com
2004-Jul-29 07:07 UTC
[Samba] Re: Samba3 - LDAP - USRMGR.EXE
"Jim C." <jcllings@javahop.com> Sent by: samba-bounces+christian.wittmer=intercomponentware.com@lists.samba.org 28.07.2004 18:05 To: samba@lists.samba.org cc: Subject: [Samba] Re: Samba3 - LDAP - USRMGR.EXE>Post your "add user script" line from smb.conf >You might be missing a flag or something.add user script = smbldap-useradd -m "%u" My line in was correct but /etc/ldap.conf was not. The problem was that LDAP searches the Machine in ou=People but it should search in ou=Machines. So I had to modifiy /etc/ldap.conf as following ---snip---- # RFC2307bis naming contexts # Syntax: # nss_base_XXX base?scope?filter # where scope is {base,one,sub} # and filter is a filter to be &'d with the # default filter. # You can omit the suffix eg: # nss_base_passwd ou=People, # to append the default base DN but this # may incur a small performance impact. #nss_base_passwd ou=People,dc=icw,dc=com?sub #nss_base_shadow ou=People,dc=icw,dc=com?sub nss_base_group ou=Groups,dc=icw,dc=com?sub nss_base_hosts ou=Machines,dc=icw,dc=com?sub I needed to comment nss_base_passwd, nss_base_shadow ( not using NIS , Jerome Tournier) Now it works without any problems Thanks Christian -- ----------------------------------------------------------------- | I can be reached on the following Instant Messenger services: | |---------------------------------------------------------------| | MSN: j_c_llings@hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---------------------------------------------------------------| | Y!: j_c_llings Jabber: jcllings@njs.netlab.cz | ----------------------------------------------------------------- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Christian.Wittmer@intercomponentware.com
2004-Jul-30 08:01 UTC
[Samba] Re: Samba3 - LDAP - USRMGR.EXE
"Jim C." <jcllings@javahop.com> 29.07.2004 21:09 To: Christian.Wittmer@intercomponentware.com cc: Subject: Re: [Samba] Re: Samba3 - LDAP - USRMGR.EXE>It may have been fixed but in 3.0.2a there is a bug having to do with >the users OU. Due to this bug, we have to put users and machines in the >same OU. Can't wait till they fix that one.I'm using 3.0.4. And it works fine for me with two OU's, ou=Machines and ou=People Chris> "Jim C." <jcllings@javahop.com> > Sent by: > samba-bounces+christian.wittmer=intercomponentware.com@lists.samba.org > 28.07.2004 18:05 > > > To: samba@lists.samba.org > cc: > Subject: [Samba] Re: Samba3 - LDAP - USRMGR.EXE > > > >>Post your "add user script" line from smb.conf >>You might be missing a flag or something. > > > add user script = smbldap-useradd -m "%u" > > My line in was correct but /etc/ldap.conf was not. > The problem was that LDAP searches the Machine in ou=People but itshould> search in ou=Machines. > So I had to modifiy /etc/ldap.conf as following > > ---snip---- > # RFC2307bis naming contexts > # Syntax: > # nss_base_XXX base?scope?filter > # where scope is {base,one,sub} > # and filter is a filter to be &'d with the > # default filter. > # You can omit the suffix eg: > # nss_base_passwd ou=People, > # to append the default base DN but this > # may incur a small performance impact. > #nss_base_passwd ou=People,dc=icw,dc=com?sub > #nss_base_shadow ou=People,dc=icw,dc=com?sub > nss_base_group ou=Groups,dc=icw,dc=com?sub > nss_base_hosts ou=Machines,dc=icw,dc=com?sub > > I needed to comment nss_base_passwd, nss_base_shadow ( not using NIS , > Jerome Tournier) > > Now it works without any problems > > Thanks > Christian >-- ----------------------------------------------------------------- | I can be reached on the following Instant Messenger services: | |---------------------------------------------------------------| | MSN: j_c_llings@hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---------------------------------------------------------------| | Y!: j_c_llings Jabber: jcllings@njs.netlab.cz | -----------------------------------------------------------------