Hi Samba People !
I'm experiencing some issues with the smbldap-tools suite and post it here
in
hope someone could give me some help. I want first to thank you if you take teh
time to read my message til the end, as it's a little bit long ;)
We do have a Debian Box on our LAN we use primarily as a File Server. This
server has initially been setup with Etch (4.0, net-install). I've upgraded
it
to Lenny (5.0) few days ago, and problems start to rise :/
Here is the problem that makes me crazy for 15 days now :
----
fano2:~# smbldap-useradd -a ploup
Can't call method "get_value" on an undefined value at
/usr/sbin/smbldap-
useradd line 232.
---
The related lines in smbldap-useradd script are :
----
229 # as grouprid we use the value of the sambaSID attribute for
230 # group of gidNumber=$userGidNumber
231 $group_entry = read_group_entry_gid($userGidNumber);
232 $userGroupSID = $group_entry->get_value('sambaSID');
233 unless ($userGroupSID) {
234 print "Error: SID not set for unix group $userGidNumber\n";
235 print "check if your unix group is mapped to an NT
group\n";
236 exit(7);
237 }
----
So this script can't retrieve the "sambaSID" value from
$group_entry, because
$group_entry is not defined.
If I add the line
----
print "Output of \$userGidNumber\n";
----
before line 231, the script output seems consistent :
----
fano2:~# smbldap-useradd -a ploup
Output of $userGidNumber : 513
Can't call method "get_value" on an undefined value at
/usr/sbin/smbldap-
useradd line 233.
----
as I do have a gidNumber set with the value 513 for the default group
"Domain
Users" :
----
fano2:~# smbldap-groupshow Domain\ users
dn: cn=Domain Users,ou=Groups,dc=faberNoveldap,dc=local
objectClass: top,posixGroup,sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaGroupType: 2
displayName: Domain Users
memberUid: ** Not shown here due to security purpose **
sambaSID: S-1-5-21-3439781798-418094041-3636104912-513
----
Nevertheless, I can create a user and samba access to share with ldap backend
still continue to work, but I've to create my user through numerous steps
(smbldap-usershow are here for information purpose) :
----
fano2:~# smbldap-useradd ploup
fano2:~# smbldap-passwd ploup
Changing UNIX password for ploup
New password:
Retype new password:
fano2:~# smbldap-usershow ploup
dn: uid=ploup,ou=Users,dc=faberNoveldap,dc=local
objectClass:
top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount
cn: ploup
sn: ploup
givenName: ploup
uid: ploup
uidNumber: 1095
gidNumber: 513
homeDirectory: /home/ploup
loginShell: /bin/bash
gecos: System User
userPassword: {SSHA}Hx0Myq136qqRFTLWk1zf49oJ3iROR3lP
shadowLastChange: 14421
shadowMax: 3650
fano2:~# smbldap-usermod -a ploup
Can't call method "get_value" on an undefined value at
/usr/sbin/smbldap-
usermod line 183.
fano2:~# smbldap-usershow ploup
dn: uid=ploup,ou=Users,dc=faberNoveldap,dc=local
objectClass:
top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
cn: ploup
sn: ploup
givenName: ploup
uid: ploup
uidNumber: 1095
gidNumber: 513
homeDirectory: /home/ploup
loginShell: /bin/bash
gecos: System User
userPassword: {SSHA}Hx0Myq136qqRFTLWk1zf49oJ3iROR3lP
shadowLastChange: 14421
shadowMax: 3650
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaSID: S-1-5-21-3439781798-418094041-3636104912-3190
sambaAcctFlags: [UX]
----
As you can see, the "smbldap-usermod -a" returns an error, but the
scripts
creates at least some samba related attributes.
But "sambaPrimaryGroupSID" is not set....
I can now use phpldapadmin to add the sambaPrimaryGroupSID and set it to :
S-1-5-21-3439781798-418094041-3636104912-513 without any problems...
I add here the output of some commands :
fano2:~# slaptest
/usr/local/etc/openldap/slapd.conf: line 84: rootdn is always granted
unlimited privileges.
config file testing succeeded
fano2:~# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[** Not shown here due to security purpose **]"
[Snip.]
Processing section "[** Not shown here due to security purpose **]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_PDC
[Snip.]
fano2:~# aptitude search ldap | grep ^i
i ldap-utils - OpenLDAP utilities
i ldapscripts - Add and remove user and groups (stored in
i libldap-2.3-0 - OpenLDAP libraries
i libldap-2.4-2 - OpenLDAP libraries
i libldap2 - OpenLDAP libraries
i libldap2-dev - OpenLDAP development libraries
i A libnet-ldap-perl - A Client interface to LDAP servers
i A libnss-ldap - NSS module for using LDAP as a naming serv
i A libpam-ldap - Pluggable Authentication Module for LDAP
i php5-ldap - LDAP module for php5
i smbldap-tools - Scripts to manage Unix and Samba account
fano2:~# dpkg -l smbldap-tools
Souhait=inconnU/Install?/suppRim?/Purg?/H=? garder
| ?tat=Non/Install?/fichier-Config/d?paqUet?/?chec-conFig/H=semi-
install?/W=attend-traitement-d?clenchements
|/ Err?=(aucune)/H=? garder/besoin R?installation/X=les deux (?tat,Err:
majuscule=mauvais)
||/ Nom Version Description
+++-=========================-=========================-
=================================================================ii
smbldap-tools 0.9.4-1 Scripts to manage Unix
and Samba accounts stored on LDAP
fano2:~# cat /etc/apt/sources.list
deb http://ftp.fr.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.fr.debian.org/debian/ lenny main contrib non-free
deb http://security.debian.org/ lenny/updates main contrib non-free
deb-src http://security.debian.org/ lenny/updates main contrib non-free
deb http://www.backports.org/debian lenny-backports main contrib non-free
Thx for Reading gurus.
????????????????????????.
Arnaud Mombrial ? faberNovel
E-mail : arnaud.mombrial@fabernovel.com
T?l. : +33 1 42 72 2004 ? Mobile : +33 6 64 20 43 24
42, boulevard de S?bastopol 75003 Paris France
1436 A Howard Street San Francisco CA 94103 USA
Web : www.faberNovel.com
????????????????????????..
This email is : [ ] bloggable [ ] ask first [X] private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url :
http://lists.samba.org/archive/samba/attachments/20090626/f6469453/attachment.bin
Hi, Have you tried to reinstall smbldap-tools? We have the same smbldap-tools package (0.9.4-1), but the file smbldap-useradd appears to be different. The same content that you indicate as line 231, in our file is on line 202. Regards, Tisdn 2009/6/26 Arnaud Mombrial <arnaud.mombrial@fabernovel.com>> > Hi Samba People ! > > I'm experiencing some issues with the smbldap-tools suite and post it here > in > hope someone could give me some help. I want first to thank you if you take > teh > time to read my message til the end, as it's a little bit long ;) > > We do have a Debian Box on our LAN we use primarily as a File Server. This > server has initially been setup with Etch (4.0, net-install). I've upgraded > it > to Lenny (5.0) few days ago, and problems start to rise :/ > > Here is the problem that makes me crazy for 15 days now : > > ---- > fano2:~# smbldap-useradd -a ploup > Can't call method "get_value" on an undefined value at /usr/sbin/smbldap- > useradd line 232. > --- > > > The related lines in smbldap-useradd script are : > > > ---- > 229 # as grouprid we use the value of the sambaSID attribute for > 230 # group of gidNumber=$userGidNumber > 231 $group_entry = read_group_entry_gid($userGidNumber); > 232 $userGroupSID = $group_entry->get_value('sambaSID'); > 233 unless ($userGroupSID) { > 234 print "Error: SID not set for unix group $userGidNumber\n"; > 235 print "check if your unix group is mapped to an NT group\n"; > 236 exit(7); > 237 } > ---- > > > So this script can't retrieve the "sambaSID" value from $group_entry, > because > $group_entry is not defined. > > If I add the line > > ---- > print "Output of \$userGidNumber\n"; > ---- > > before line 231, the script output seems consistent : > > ---- > fano2:~# smbldap-useradd -a ploup > Output of $userGidNumber : 513 > Can't call method "get_value" on an undefined value at /usr/sbin/smbldap- > useradd line 233. > ---- > > as I do have a gidNumber set with the value 513 for the default group > "Domain > Users" : > > ---- > fano2:~# smbldap-groupshow Domain\ users > dn: cn=Domain Users,ou=Groups,dc=faberNoveldap,dc=local > objectClass: top,posixGroup,sambaGroupMapping > gidNumber: 513 > cn: Domain Users > description: Netbios Domain Users > sambaGroupType: 2 > displayName: Domain Users > memberUid: ** Not shown here due to security purpose ** > sambaSID: S-1-5-21-3439781798-418094041-3636104912-513 > ---- > > Nevertheless, I can create a user and samba access to share with ldap > backend > still continue to work, but I've to create my user through numerous steps > (smbldap-usershow are here for information purpose) : > > ---- > fano2:~# smbldap-useradd ploup > fano2:~# smbldap-passwd ploup > Changing UNIX password for ploup > New password: > Retype new password: > fano2:~# smbldap-usershow ploup > dn: uid=ploup,ou=Users,dc=faberNoveldap,dc=local > objectClass: > top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount > cn: ploup > sn: ploup > givenName: ploup > uid: ploup > uidNumber: 1095 > gidNumber: 513 > homeDirectory: /home/ploup > loginShell: /bin/bash > gecos: System User > userPassword: {SSHA}Hx0Myq136qqRFTLWk1zf49oJ3iROR3lP > shadowLastChange: 14421 > shadowMax: 3650 > fano2:~# smbldap-usermod -a ploup > Can't call method "get_value" on an undefined value at /usr/sbin/smbldap- > usermod line 183. > fano2:~# smbldap-usershow ploup > dn: uid=ploup,ou=Users,dc=faberNoveldap,dc=local > objectClass: > > top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount > cn: ploup > sn: ploup > givenName: ploup > uid: ploup > uidNumber: 1095 > gidNumber: 513 > homeDirectory: /home/ploup > loginShell: /bin/bash > gecos: System User > userPassword: {SSHA}Hx0Myq136qqRFTLWk1zf49oJ3iROR3lP > shadowLastChange: 14421 > shadowMax: 3650 > sambaPwdLastSet: 0 > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 0 > sambaPwdMustChange: 2147483647 > sambaSID: S-1-5-21-3439781798-418094041-3636104912-3190 > sambaAcctFlags: [UX] > ---- > > As you can see, the "smbldap-usermod -a" returns an error, but the scripts > creates at least some samba related attributes. > > But "sambaPrimaryGroupSID" is not set.... > > I can now use phpldapadmin to add the sambaPrimaryGroupSID and set it to : > S-1-5-21-3439781798-418094041-3636104912-513 without any problems... > > > I add here the output of some commands : > > > fano2:~# slaptest > /usr/local/etc/openldap/slapd.conf: line 84: rootdn is always granted > unlimited privileges. > config file testing succeeded > > > fano2:~# testparm > Load smb config files from /etc/samba/smb.conf > Processing section "[** Not shown here due to security purpose **]" > [Snip.] > Processing section "[** Not shown here due to security purpose **]" > Loaded services file OK. > WARNING: You have some share names that are longer than 12 characters. > These may not be accessible to some older clients. > (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.) > Server role: ROLE_DOMAIN_PDC > [Snip.] > > > fano2:~# aptitude search ldap | grep ^i > i ldap-utils - OpenLDAP utilities > i ldapscripts - Add and remove user and groups (stored > in > i libldap-2.3-0 - OpenLDAP libraries > i libldap-2.4-2 - OpenLDAP libraries > i libldap2 - OpenLDAP libraries > i libldap2-dev - OpenLDAP development libraries > i A libnet-ldap-perl - A Client interface to LDAP servers > i A libnss-ldap - NSS module for using LDAP as a naming > serv > i A libpam-ldap - Pluggable Authentication Module for LDAP > i php5-ldap - LDAP module for php5 > i smbldap-tools - Scripts to manage Unix and Samba account > > > fano2:~# dpkg -l smbldap-tools > Souhait=inconnU/Install?/suppRim?/Purg?/H=? garder > | ?tat=Non/Install?/fichier-Config/d?paqUet?/?chec-conFig/H=semi- > install?/W=attend-traitement-d?clenchements > |/ Err?=(aucune)/H=? garder/besoin R?installation/X=les deux (?tat,Err: > majuscule=mauvais) > ||/ Nom Version Description > +++-=========================-=========================- > =================================================================> ii smbldap-tools 0.9.4-1 Scripts to manage > Unix > and Samba accounts stored on LDAP > > > fano2:~# cat /etc/apt/sources.list > deb http://ftp.fr.debian.org/debian/ lenny main contrib non-free > deb-src http://ftp.fr.debian.org/debian/ lenny main contrib non-free > > deb http://security.debian.org/ lenny/updates main contrib non-free > deb-src http://security.debian.org/ lenny/updates main contrib non-free > > deb http://www.backports.org/debian lenny-backports main contrib non-free > > > Thx for Reading gurus. > > > ????????????????????????. > Arnaud Mombrial ? faberNovel > > E-mail : arnaud.mombrial@fabernovel.com > T?l. : +33 1 42 72 2004 ? Mobile : +33 6 64 20 43 24 > 42, boulevard de S?bastopol 75003 Paris France > 1436 A Howard Street San Francisco CA 94103 USA > Web : www.faberNovel.com > ????????????????????????.. > This email is : [ ] bloggable [ ] ask first [X] private > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
The smbldap-tools developer's homepage is here: http://www.iallanis.info/ You will find smbldap-tools-0.9.6-pre1 here: http://www.iallanis.info/smbldap-tools/development_release/ It worked well for me. If you prefer, smbldap-tools-0.9.5-1 final is here: <smbldap-tools-0.9.5-1.src.rpm> http://www.iallanis.info/smbldap-tools/