samba - Sep 2005 - strange error 1937

Hi,
After configuring and populating I try to add the accounts from a NT4
domain.
The "net rpc samdump -S SERVERNAME" works as expected.
I can see the Password hashes and all computers and users.
After that I try to NET VAMPIRE.....
The groups were added fine but for each computer and user account I get
this error:

...passdb/pdb_ldap.c:ldapsam_add_sam_account(1937)
ldapsam_add_sam_account: failed to modify/add user with uid = .....

the normal smbldap-useradd works also as expected. I try all findable
documentation and searched for this error but found nothing. I try it
with samba 3.0.13 and 3.0.14 / smbldap-tools 0.9.0 and 0.9.1 with the
same result....


---SNIP---------------------------------------------------------------------------------
The ldap log tell me:
.... conn=2 op=94 SRCH base="dc=example,dc=com" scope=2 deref=0
filter="(&(objectClass=posixAccount)(uid=user2))"
.... conn=2 op=94 SRCH attr=uid userPassword uidNumber gidNumber cn
homeDirectory loginShell gecos description objectClass
.... conn=2 op=94 SEARCH RESULT tag=101 err=0 nentries=1 text.... conn=1 op=186
SRCH base="dc=example,dc=com" scope=2 deref=0
filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount))"
.... conn=1 op=186 SRCH attr=uid uidNumber gidNumber homeDirectory
sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
.... conn=1 op=186 SEARCH RESULT tag=101 err=0 nentries=0 text.... conn=1 op=187
SRCH base="dc=example,dc=com" scope=2 deref=0
filter="(&(&(objectClass=sambaSamAccount)(uid=user2))(objectClass=sambaSamAccount))"
.... conn=1 op=187 SRCH attr=uid uidNumber gidNumber homeDirectory
sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
sambaPasswordHistory modifyTimestamp sambaLogonHours
.... conn=1 op=187 SEARCH RESULT tag=101 err=0 nentries=0 text.... conn=1 op=188
SRCH base="dc=example,dc=com" scope=2 deref=0
filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount))"
.... conn=1 op=188 SRCH attr=uid uidNumber gidNumber homeDirectory
sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
.... conn=1 op=188 SEARCH RESULT tag=101 err=0 nentries=0 text.... conn=1 op=189
SRCH base="dc=example,dc=com" scope=2 deref=0
filter="(&(objectClass=sambaSamAccount)(uid=user2))"
.... conn=1 op=189 SRCH attr=uid uidNumber gidNumber homeDirectory
sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
sambaPasswordHistory modifyTimestamp sambaLogonHours
.... conn=1 op=189 SEARCH RESULT tag=101 err=0 nentries=0 text.... conn=1 op=190
SRCH base="dc=example,dc=com" scope=2 deref=0
filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))"
.... conn=1 op=190 SRCH attr=uid uidNumber gidNumber homeDirectory
sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
sambaPasswordHistory modifyTimestamp sambaLogonHours
.... conn=1 op=190 SEARCH RESULT tag=101 err=0 nentries=0 text.... conn=1 op=191
ADD dn="uid=user2,dc=example,dc=com"
.... conn=1 op=191 RESULT tag=105 err=68 text=?V^W^H^X^V.A
\204?,@^P3^W^HDx,@????\234^[.A\210x8@0L^I^H\210x8@^H^V.A@x8@^HY^W^H^C
--SNAP-------------------------------------------------------------------

This is the add user script:
add user script = smbldap-useradd "%u"

I take a look at the pdb_ldap.c and the error seems to be produced in
the following lines:

	ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op,
element_is_set_or_changed);
	if (!NT_STATUS_IS_OK(ret)) {
		DEBUG(0,("ldapsam_add_sam_account: failed to modify/add user with uid
= %s (dn = %s)\n",
			 pdb_get_username(newpwd),dn));
		ldap_mods_free(mods, True);
		return ret;
	}


Can someone help me with this?

thank you

greetings mario gzuk

Hi again,
Nobody can help me on this mailing list or are there some missing
informations? Maybe there is an other mailing list for such problems?

thank you 

greetings mario
> Hi,
> After configuring and populating I try to add the accounts from a NT4
> domain.
> The "net rpc samdump -S SERVERNAME" works as expected.
> I can see the Password hashes and all computers and users.
> After that I try to NET VAMPIRE.....
> The groups were added fine but for each computer and user account I get
> this error:
> 
> ...passdb/pdb_ldap.c:ldapsam_add_sam_account(1937)
> ldapsam_add_sam_account: failed to modify/add user with uid = .....
> 
> the normal smbldap-useradd works also as expected. I try all findable
> documentation and searched for this error but found nothing. I try it
> with samba 3.0.13 and 3.0.14 / smbldap-tools 0.9.0 and 0.9.1 with the
> same result....
> 
> 
>
---SNIP---------------------------------------------------------------------------------
> The ldap log tell me:
> .... conn=2 op=94 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=user2))"
> .... conn=2 op=94 SRCH attr=uid userPassword uidNumber gidNumber cn
> homeDirectory loginShell gecos description objectClass
> .... conn=2 op=94 SEARCH RESULT tag=101 err=0 nentries=1 text> ....
conn=1 op=186 SRCH base="dc=example,dc=com" scope=2 deref=0
>
filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount))"
> .... conn=1 op=186 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
> .... conn=1 op=186 SEARCH RESULT tag=101 err=0 nentries=0 text> ....
conn=1 op=187 SRCH base="dc=example,dc=com" scope=2 deref=0
>
filter="(&(&(objectClass=sambaSamAccount)(uid=user2))(objectClass=sambaSamAccount))"
> .... conn=1 op=187 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours
> .... conn=1 op=187 SEARCH RESULT tag=101 err=0 nentries=0 text> ....
conn=1 op=188 SRCH base="dc=example,dc=com" scope=2 deref=0
>
filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount))"
> .... conn=1 op=188 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
> .... conn=1 op=188 SEARCH RESULT tag=101 err=0 nentries=0 text> ....
conn=1 op=189 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(objectClass=sambaSamAccount)(uid=user2))"
> .... conn=1 op=189 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours
> .... conn=1 op=189 SEARCH RESULT tag=101 err=0 nentries=0 text> ....
conn=1 op=190 SRCH base="dc=example,dc=com" scope=2 deref=0
>
filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))"
> .... conn=1 op=190 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours
> .... conn=1 op=190 SEARCH RESULT tag=101 err=0 nentries=0 text> ....
conn=1 op=191 ADD dn="uid=user2,dc=example,dc=com"
> .... conn=1 op=191 RESULT tag=105 err=68 text=?V^W^H^X^V.A
> \204?,@^P3^W^HDx,@????\234^[.A\210x8@0L^I^H\210x8@^H^V.A@x8@^HY^W^H^C
> --SNAP-------------------------------------------------------------------
> 
> This is the add user script:
> add user script = smbldap-useradd "%u"
> 
> I take a look at the pdb_ldap.c and the error seems to be produced in
> the following lines:
> 
> 	ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op,
> element_is_set_or_changed);
> 	if (!NT_STATUS_IS_OK(ret)) {
> 		DEBUG(0,("ldapsam_add_sam_account: failed to modify/add user with
uid
> = %s (dn = %s)\n",
> 			 pdb_get_username(newpwd),dn));
> 		ldap_mods_free(mods, True);
> 		return ret;
> 	}
> 
> 
> Can someone help me with this?
> 
> thank you
> 
> greetings mario gzuk
>

On Thursday 22 September 2005 11:44, Mario Gzuk wrote:
> Hi,
> After configuring and populating I try to add the accounts from a NT4
> domain.
> The "net rpc samdump -S SERVERNAME" works as expected.
> I can see the Password hashes and all computers and users.
> After that I try to NET VAMPIRE.....
> The groups were added fine but for each computer and user account I get
> this error:
> 
> ...passdb/pdb_ldap.c:ldapsam_add_sam_account(1937)
> ldapsam_add_sam_account: failed to modify/add user with uid = .....
> 
> the normal smbldap-useradd works also as expected. I try all findable
> documentation and searched for this error but found nothing. I try it
> with samba 3.0.13 and 3.0.14 / smbldap-tools 0.9.0 and 0.9.1 with the
> same result....
> 
> 
>
---SNIP---------------------------------------------------------------------------------
> The ldap log tell me:
> .... conn=2 op=94 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=user2))"
> .... conn=2 op=94 SRCH attr=uid userPassword uidNumber gidNumber cn
> homeDirectory loginShell gecos description objectClass
> .... conn=2 op=94 SEARCH RESULT tag=101 err=0 nentries=1 text> ....
conn=1 op=186 SRCH base="dc=example,dc=com" scope=2 deref=0
>
filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount))"
> .... conn=1 op=186 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
> .... conn=1 op=186 SEARCH RESULT tag=101 err=0 nentries=0 text> ....
conn=1 op=187 SRCH base="dc=example,dc=com" scope=2 deref=0
>
filter="(&(&(objectClass=sambaSamAccount)(uid=user2))(objectClass=sambaSamAccount))"
> .... conn=1 op=187 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours
> .... conn=1 op=187 SEARCH RESULT tag=101 err=0 nentries=0 text> ....
conn=1 op=188 SRCH base="dc=example,dc=com" scope=2 deref=0
>
filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount))"
> .... conn=1 op=188 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
> .... conn=1 op=188 SEARCH RESULT tag=101 err=0 nentries=0 text> ....
conn=1 op=189 SRCH base="dc=example,dc=com" scope=2 deref=0
> filter="(&(objectClass=sambaSamAccount)(uid=user2))"
> .... conn=1 op=189 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours
> .... conn=1 op=189 SEARCH RESULT tag=101 err=0 nentries=0 text> ....
conn=1 op=190 SRCH base="dc=example,dc=com" scope=2 deref=0
>
filter="(&(sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))"
> .... conn=1 op=190 SRCH attr=uid uidNumber gidNumber homeDirectory
> sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
> sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive
> sambaHomePath sambaLogonScript sambaProfilePath description
> sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
> sambaNTPassword sambaDomainName objectClass sambaAcctFlags
> sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
> sambaPasswordHistory modifyTimestamp sambaLogonHours
> .... conn=1 op=190 SEARCH RESULT tag=101 err=0 nentries=0 text> ....
conn=1 op=191 ADD dn="uid=user2,dc=example,dc=com"
> .... conn=1 op=191 RESULT tag=105 err=68 text=?V^W^H^X^V.A
> \204?,@^P3^W^HDx,@????\234^[.A\210x8@0L^I^H\210x8@^H^V.A@x8@^HY^W^H^C
> --SNAP-------------------------------------------------------------------
> 
> This is the add user script:
> add user script = smbldap-useradd "%u"
Try to isolate it first to failing invocation of smldap-useradd
<something>

add user script = debug_script "%u"

wher debug_script is something like this:

#!/bin/sh
env >/tmp/useradd.env
strace -o /tmp/useradd.strace smbldap-useradd "%u" 1>/tmp/useradd.1
2>/tmp/useradd.2

Then you will be adle to experiment with failing command
without need to do full "net vampire" run.
--
vda

Am Freitag, den 23.09.2005, 16:05 +0300 schrieb Denis Vlasenko:
> Try to isolate it first to failing invocation of smldap-useradd
<something>
> 
> add user script = debug_script "%u"
> 
> wher debug_script is something like this:
> 
> #!/bin/sh
> env >/tmp/useradd.env
> strace -o /tmp/useradd.strace smbldap-useradd "%u"
1>/tmp/useradd.1 2>/tmp/useradd.2
> 
> Then you will be adle to experiment with failing command
> without need to do full "net vampire" run.
> --
> vda
Thanks for the answer! But thats not the problem. The smbldap-useradd
work as expected if I run it from command line.

If I do a net vampire I have to use smbldap-useradd without the "-a"
flag. The samba account will be created by the net vampire command. So
the problem comes from net vampire and not from smbldap-useradd (IMHO).


PS: better will be:

#!/bin/sh
env >/tmp/useradd.env
strace -o /tmp/useradd.strace smbldap-useradd "$1"
1>/tmp/useradd.$1.log
2>/tmp/useradd.$1.err

Mario Gzuk wrote: 
> 
> ...
> Nobody can help me on this mailing list or are there some missing
> informations? Maybe there is an other mailing list for such problems?
> ...
> 
Nabble has a large software mailing list archive here:
http://www.nabble.com/Software-f94.html

Search for "smbldap-useradd" yields results from lists in Samba,
Debian, and Open-Xchange communities.

Try there, even if you could not find an exact answer, you can probably find the
people who has discussed similiar issues that you can post a reply there or
email them privately, hopefully they will respond.
--
Sent from the Samba forum at Nabble.com:
http://www.nabble.com/strange-error-1937-t333330.html#a945117

Am Freitag, den 23.09.2005, 16:05 +0300 schrieb Denis Vlasenko:
> Try to isolate it first to failing invocation of smldap-useradd
<something>
> 
> add user script = debug_script "%u"
> 
> wher debug_script is something like this:
> 
> #!/bin/sh
> env >/tmp/useradd.env
> strace -o /tmp/useradd.strace smbldap-useradd "%u"
1>/tmp/useradd.1 2>/tmp/useradd.2
> 
> Then you will be adle to experiment with failing command
> without need to do full "net vampire" run.
> --
> vda
Thanks for the answer! But thats not the problem. The smbldap-useradd
work as expected if I run it from command line.

If I do a net vampire I have to use smbldap-useradd without the "-a"
flag. The samba account will be created by the net vampire command. So
the problem comes from net vampire and not from smbldap-useradd (IMHO).


PS: better will be:

#!/bin/sh
env >/tmp/useradd.env
strace -o /tmp/useradd.strace smbldap-useradd "$1"
1>/tmp/useradd.$1.log
2>/tmp/useradd.$1.err
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20050923/b36b9789/attachment.bin