Chris St. Pierre
2004-Aug-26 16:50 UTC
[Samba] smbpasswd complains about LDAP: "Object class violation"
I'm trying to get Samba on a Mac OS X box running as a PDC with an LDAP backend. I've read through all of the major walkthroughs I can find, and we've actually already got it running very nicely as a file server; people are currently authenticating against a different PDC and then mapping drives from the Samba box in question.

However, I'd like it to be the PDC eventually, but I'm running up against a problem. It is my understanding that the machine trust accounts need to be added with smbpasswd (or an LDAP workaround such as the smbldap-useradd.pl that comes with samba), but smbpasswd fails with the following error:

--------------------------------
# ./smbpasswd -a -m guinea-pig$
ldap_connect_system: Binding to ldap server as "cn=directory manager"
LDAP search "(&(uid=guinea-pig_)(objectclass=sambaAccount))" returned 0 entries.
ldap_connect_system: Binding to ldap server as "cn=directory manager"
failed to modify user with uid = guinea-pig$ with: Object class violation

Failed to add entry for user guinea-pig$.
Failed to modify password entry for user guinea-pig$
--------------------------------

The best thing I could find on the web was this: http://lists.samba.org/archive/samba/2003-February/062371.html, which only suggests upping my debug level. Doing so provides no better info, though:

--------------------------------
./smbpasswd -D 10 -a -m guinea-pig$
[snip]
Initializing connection to newman.nebrwesleyan.edu on port 389
ldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server as "cn=directory manager"
ldap_connect_system: succesful connection to the LDAP server
ldap_search_one_user: searching for:[(&(uid=guinea-pig$)(objectclass=sambaAccount))]
ldap_search_one_user: searching for:[uid=guinea-pig$]
User exists without samba properties: adding them
Setting entry for user: guinea-pig$
failed to modify user with uid = guinea-pig$ with: Object class violation

Failed to add entry for user guinea-pig$.
Failed to modify password entry for user guinea-pig$
--------------------------------

If that thread I linked to is correct, then smbpasswd is trying to add the machine user guinea-pig$ with the structural objectClass "sambaAccount" -- which is bogus. If that's the case, is there a fix that doesn't involve hacking smbpasswd? Or, if that's not the case, what is and how do I fix it? Thanks for your help!

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
402.465.7549

Chris St. Pierre
2004-Aug-27 15:50 UTC
[Samba] smbpasswd complains about LDAP: "Object class violation"
Here's more info for anyone who's interested:

Quite the opposite of what I expected, smbldap-useradd.pl is not using sambaAccount as the structural objectClass; it's not using it *at all*. Here's a sample:

-----------------------------
# ldapsearch -LLL -b "ou=machines,o=nebrwesleyan.edu,o=isp" "uid=guinea*"
dn: uid=guinea-pig$,ou=Machines,o=NebrWesleyan.edu,o=isp
objectClass: top
objectClass: posixAccount
cn: guinea-pig$
uid: guinea-pig$
uidNumber: 1001
gidNumber: 1
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
-----------------------------

Adding the sambaAccount objectClass manually helped, actually; now I get this:

-----------------------------
# ./smbpasswd -a -m guinea-pig$
ldap_connect_system: Binding to ldap server as "cn=directory manager"
ldap_connect_system: Binding to ldap server as "cn=directory manager"
failed to modify user with uid = guinea-pig$ with: Object class violation
Password changed for user guinea-pig$.
Failed to modify entry for user guinea-pig$.
Failed to modify password entry for user guinea-pig$
-----------------------------

Again, though, setting the debug level to 10 doesn't help much. And again, there's still an object class violation. Anyone have any ideas what this one might be?

Thanks.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
402.465.7549

On Thu, 26 Aug 2004, Chris St. Pierre wrote:

>I'm trying to get Samba on a Mac OS X box running as a PDC with an
>LDAP backend. I've read through all of the major walkthroughs I can
>find, and we've actually already got it running very nicely as a file
>server; people are currently authenticating against a different PDC
>and then mapping drives from the Samba box in question.
>
>However, I'd like it to be the PDC eventually, but I'm running up
>against a problem. It is my understanding that the machine trust
>accounts need to be added with smbpasswd (or an LDAP workaround such
>as the smbldap-useradd.pl that comes with samba), but smbpasswd
>fails with the following error:
>
>--------------------------------
># ./smbpasswd -a -m guinea-pig$
>ldap_connect_system: Binding to ldap server as "cn=directory manager"
>LDAP search "(&(uid=guinea-pig_)(objectclass=sambaAccount))" returned
>0 entries.
>ldap_connect_system: Binding to ldap server as "cn=directory manager"
>failed to modify user with uid = guinea-pig$ with: Object class
>violation
>
>Failed to add entry for user guinea-pig$.
>Failed to modify password entry for user guinea-pig$
>--------------------------------
>
>The best thing I could find on the web was this:
>http://lists.samba.org/archive/samba/2003-February/062371.html, which
>only suggests upping my debug level. Doing so provides no better
>info, though:
>
>--------------------------------
>./smbpasswd -D 10 -a -m guinea-pig$
>[snip]
>Initializing connection to newman.nebrwesleyan.edu on port 389
>ldap_open_connection: connection opened
>ldap_connect_system: Binding to ldap server as "cn=directory manager"
>ldap_connect_system: succesful connection to the LDAP server
>ldap_search_one_user: searching
>for:[(&(uid=guinea-pig$)(objectclass=sambaAccount))]
>ldap_search_one_user: searching for:[uid=guinea-pig$]
>User exists without samba properties: adding them
>Setting entry for user: guinea-pig$
>failed to modify user with uid = guinea-pig$ with: Object class
>violation
>
>Failed to add entry for user guinea-pig$.
>Failed to modify password entry for user guinea-pig$
>--------------------------------
>
>If that thread I linked to is correct, then smbpasswd is trying to add
>the machine user guinea-pig$ with the structural objectClass
>"sambaAccount" -- which is bogus. If that's the case, is there a fix
>that doesn't involve hacking smbpasswd? Or, if that's not the case,
>what is and how do I fix it? Thanks for your help!
>
>Chris St. Pierre
>Unix Systems Administrator
>Nebraska Wesleyan University
>402.465.7549
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: http://lists.samba.org/mailman/listinfo/samba
>