samba - May 2017 - samba-tool cannot add or remove group members

> Do you have users in /etc/passwd ?
I only have original debian system users
> If so, are you trying to add one of these users to an AD group ?
no

On Tue, 30 May 2017 10:01:35 +0200 (CEST)
Sébastien QUESSON via samba <samba at lists.samba.org> wrote:
> 
> > Do you have users in /etc/passwd ?
> I only have original debian system users
> > If so, are you trying to add one of these users to an AD group ?
> no
> 
Then I don't understand why you cannot add a user to a group with
samba-tool. The only way I can get it to fail is if I use
"DOMAIN\username" instead of just 'username'

This is the code that searches for the username:

for member in members:
    targetmember = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
                        expression="(|(sAMAccountName=%s)(CN=%s))" % (
        ldb.binary_encode(member), ldb.binary_encode(member)), attrs=[])

    if len(targetmember) != 1:
        raise Exception('Unable to find "%s". Operation
cancelled.' % member)

All I can think of is, you have a user with 'sAMAccountName=username'
and another with 'CN=username', this could lead to
'len(targetmember)'
being 2

Rowland

On Tue, 30 May 2017 09:22:59 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:
> 
> All I can think of is, you have a user with
'sAMAccountName=username'
> and another with 'CN=username', this could lead to
'len(targetmember)'
> being 2
> 
OK, I can confirm my thoughts, if I run:

ldbsearch -H /usr/local/samba/private/sam.ldb -b
dc=samdom,dc=example,dc=com -s sub
"(|(sAMAccountName=rowland)(CN=rowland))"

I get:

# record 1
dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
CN: Rowland Penny
sAMAccountName: rowland

# record 2
dn: CN=rowland,OU=SUDOers,DC=samdom,DC=example,DC=com
CN: rowland

NOTE: other attributes removed for brevity.

If I now try to add 'rowland' to a group, I get this:

root at dc1:~# samba-tool group addmembers group12 rowland
ERROR(exception): Failed to add members "rowland" to group
"group12" - Unable to find "rowland". Operation cancelled.
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/group.py",
line 239, in run
    add_members_operation=True)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/samdb.py",
line 278, in add_remove_group_members
    raise Exception('Unable to find "%s". Operation
cancelled.' % member)

Now just to think of a way around this.

Rowland