samba - Mar 2016 - Segmentation Fault when trying to set root samba password, IPA as a backend

On 06/03/16 16:43, Harry Jede wrote:
> On 17:34:10 wrote Rowland penny:
>> On 06/03/16 15:53, Harry Jede wrote:
>>> On 16:47:40 wrote Rowland penny:
>>>> /usr/local/samba/bin/smbpasswd -a ldap02
>>> as far as i remember this has never worked! According to the man
>>> page this call should add a user to the *local* smb password
>>> store. And this is by default /etc/samba/smbpasswd and not any
>>> ldap backend.
>>>
>>> If one wish to use any ldap backend more params are needed. RTFM
>> In that case, how am I adding users that don't exist in /etc/passwd
>> to ldap with 'smbpasswd -a username' ?
> you may use any other tool or script., bot *not* smbpasswd
>
>> Perhaps you need to read the manpage again, pay particular attention
>> to ldapsam:editposix
> this is a smb.conf param and as such is explained in man smb.conf.
>
> I read man smbpasswd. Here a short snippet:
>
> OPTIONS
>         -a
> This option specifies that the username following should be added to the
> *local smbpasswd file* , with the new password typed (type <Enter>
for
> the old password). This option is ignored if the username following
> already exists in the smbpasswd file and it is treated like a regular
> change password command. Note that the default passdb backends *require
> the user to already exist in the system password file* (usually
> /etc/passwd), *else the request to add the user will fail* .
>
>> Rowland
>
so, if a user *must* exist in /etc/passwd, how did I end up with this in 
ldap after running 'smbpasswd -a ldap10':

dn: uid=ldap10,ou=users,dc=example,dc=com
uid: ldap10
sambaSID: S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-1012
objectClass: sambaSamAccount
objectClass: account
objectClass: posixAccount
cn: ldap10
uidNumber: 10008
gidNumber: 10000
homeDirectory: /home/ldap10
loginShell: /bin/bash
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaPasswordHistory: 
00000000000000000000000000000000000000000000000000000000
  00000000
sambaPwdLastSet: 1457275169
sambaAcctFlags: [U          ]

and 'cat /etc/passwd | grep ldap10' returns nothing ??????

Rowland

On 18:30:33 wrote Rowland penny:
> On 06/03/16 16:43, Harry Jede wrote:
> > On 17:34:10 wrote Rowland penny:
> >> On 06/03/16 15:53, Harry Jede wrote:
> >>> On 16:47:40 wrote Rowland penny:
> >>>> /usr/local/samba/bin/smbpasswd -a ldap02
> >>> 
> >>> as far as i remember this has never worked! According to the
man
> >>> page this call should add a user to the *local* smb password
> >>> store. And this is by default /etc/samba/smbpasswd and not any
> >>> ldap backend.
> >>> 
> >>> If one wish to use any ldap backend more params are needed.
RTFM
> >> 
> >> In that case, how am I adding users that don't exist in
> >> /etc/passwd to ldap with 'smbpasswd -a username' ?
> > 
> > you may use any other tool or script., bot *not* smbpasswd
> > 
> >> Perhaps you need to read the manpage again, pay particular
> >> attention to ldapsam:editposix
> > 
> > this is a smb.conf param and as such is explained in man smb.conf.
> > 
> > I read man smbpasswd. Here a short snippet:
> > 
> > OPTIONS
> > 
> >         -a
> > 
> > This option specifies that the username following should be added
> > to the *local smbpasswd file* , with the new password typed (type
> > <Enter> for the old password). This option is ignored if the
> > username following already exists in the smbpasswd file and it is
> > treated like a regular change password command. Note that the
> > default passdb backends *require the user to already exist in the
> > system password file* (usually /etc/passwd), *else the request to
> > add the user will fail* .
> > 
> >> Rowland
> 
> so, if a user *must* exist in /etc/passwd, how did I end up with this
> in ldap after running 'smbpasswd -a ldap10':
> 
> dn: uid=ldap10,ou=users,dc=example,dc=com
> uid: ldap10
> sambaSID: S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-1012
> objectClass: sambaSamAccount
> objectClass: account
> objectClass: posixAccount
> cn: ldap10
> uidNumber: 10008
> gidNumber: 10000
> homeDirectory: /home/ldap10
> loginShell: /bin/bash
> sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> sambaPasswordHistory:
> 00000000000000000000000000000000000000000000000000000000
>   00000000
> sambaPwdLastSet: 1457275169
> sambaAcctFlags: [U          ]
Does this happen on a system with or without Volkers new fix?

Rowland I have not written the smbpasswd man page!

If the man page says the user must exist. OK, then i believe it is true. 
If the man page says this tool works against the local smbpasswd store 
then i believe it is true.
If the man page says the local passwd store is the file 
/etc/samba/smbpasswd then I believe it is true.

*And* if if read this document
https://wiki.samba.org/index.php/Samba_3.4_Features_added/changed
section *Configuration changes* i am pretty sure this thread waste a lot 
of time.
> and 'cat /etc/passwd | grep ldap10' returns nothing ??????
> 
> Rowland

-- 

Regards
	Harry Jede

On 06/03/16 17:55, Harry Jede wrote:
> On 18:30:33 wrote Rowland penny:
>> On 06/03/16 16:43, Harry Jede wrote:
>>> On 17:34:10 wrote Rowland penny:
>>>> On 06/03/16 15:53, Harry Jede wrote:
>>>>> On 16:47:40 wrote Rowland penny:
>>>>>> /usr/local/samba/bin/smbpasswd -a ldap02
>>>>> as far as i remember this has never worked! According to
the man
>>>>> page this call should add a user to the *local* smb
password
>>>>> store. And this is by default /etc/samba/smbpasswd and not
any
>>>>> ldap backend.
>>>>>
>>>>> If one wish to use any ldap backend more params are needed.
RTFM
>>>> In that case, how am I adding users that don't exist in
>>>> /etc/passwd to ldap with 'smbpasswd -a username' ?
>>> you may use any other tool or script., bot *not* smbpasswd
>>>
>>>> Perhaps you need to read the manpage again, pay particular
>>>> attention to ldapsam:editposix
>>> this is a smb.conf param and as such is explained in man smb.conf.
>>>
>>> I read man smbpasswd. Here a short snippet:
>>>
>>> OPTIONS
>>>
>>>          -a
>>>
>>> This option specifies that the username following should be added
>>> to the *local smbpasswd file* , with the new password typed (type
>>> <Enter> for the old password). This option is ignored if the
>>> username following already exists in the smbpasswd file and it is
>>> treated like a regular change password command. Note that the
>>> default passdb backends *require the user to already exist in the
>>> system password file* (usually /etc/passwd), *else the request to
>>> add the user will fail* .
>>>
>>>> Rowland
>> so, if a user *must* exist in /etc/passwd, how did I end up with this
>> in ldap after running 'smbpasswd -a ldap10':
>>
>> dn: uid=ldap10,ou=users,dc=example,dc=com
>> uid: ldap10
>> sambaSID: S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-1012
>> objectClass: sambaSamAccount
>> objectClass: account
>> objectClass: posixAccount
>> cn: ldap10
>> uidNumber: 10008
>> gidNumber: 10000
>> homeDirectory: /home/ldap10
>> loginShell: /bin/bash
>> sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>> sambaPasswordHistory:
>> 00000000000000000000000000000000000000000000000000000000
>>    00000000
>> sambaPwdLastSet: 1457275169
>> sambaAcctFlags: [U          ]
> Does this happen on a system with or without Volkers new fix?
Volkers fix (for me) just gets the password added, without the fix, the 
user is created but the password doesn't get added.
>
> Rowland I have not written the smbpasswd man page!
>
> If the man page says the user must exist. OK, then i believe it is true.
> If the man page says this tool works against the local smbpasswd store
> then i believe it is true.
> If the man page says the local passwd store is the file
> /etc/samba/smbpasswd then I believe it is true.
Well, lets put it this way, when and if the secondary segfault gets 
fixed, I will be proposing patches to the smb.conf manpage.
>
> *And* if if read this document
> https://wiki.samba.org/index.php/Samba_3.4_Features_added/changed
> section *Configuration changes* i am pretty sure this thread waste a lot
> of time.
There is a page here: https://wiki.samba.org/index.php/Ldapsam_Editposix

This describes how to set up ldapsam without smbldap-tools

There is also this page (in japanese): 
http://wiki.samba.gr.jp/mediawiki/index.php?title=How_to_build_Samba_PDC_%28squeeze%29

They are both slightly wrong if used with Samba 4, syntax etc, but I 
have an NT4-style PDC running in a test VM, without any sign of 
smbldap-tools. The only problem seems to be in actually creating users 
and this is mostly fixed.

Rowland
>
>> and 'cat /etc/passwd | grep ldap10' returns nothing ??????
>>
>> Rowland
>