On Tue, 30 May 2017 09:22:59 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote:> > All I can think of is, you have a user with 'sAMAccountName=username' > and another with 'CN=username', this could lead to 'len(targetmember)' > being 2 >OK, I can confirm my thoughts, if I run: ldbsearch -H /usr/local/samba/private/sam.ldb -b dc=samdom,dc=example,dc=com -s sub "(|(sAMAccountName=rowland)(CN=rowland))" I get: # record 1 dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com CN: Rowland Penny sAMAccountName: rowland # record 2 dn: CN=rowland,OU=SUDOers,DC=samdom,DC=example,DC=com CN: rowland NOTE: other attributes removed for brevity. If I now try to add 'rowland' to a group, I get this: root at dc1:~# samba-tool group addmembers group12 rowland ERROR(exception): Failed to add members "rowland" to group "group12" - Unable to find "rowland". Operation cancelled. File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/group.py", line 239, in run add_members_operation=True) File "/usr/local/samba/lib/python2.7/site-packages/samba/samdb.py", line 278, in add_remove_group_members raise Exception('Unable to find "%s". Operation cancelled.' % member) Now just to think of a way around this. Rowland
On Tue, 30 May 2017 10:30:27 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote:> On Tue, 30 May 2017 09:22:59 +0100 > Rowland Penny via samba <samba at lists.samba.org> wrote: > > > > > All I can think of is, you have a user with > > 'sAMAccountName=username' and another with 'CN=username', this > > could lead to 'len(targetmember)' being 2 > > > > OK, I can confirm my thoughts, if I run: > > ldbsearch -H /usr/local/samba/private/sam.ldb -b > dc=samdom,dc=example,dc=com -s sub > "(|(sAMAccountName=rowland)(CN=rowland))" > > I get: > > # record 1 > dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com > CN: Rowland Penny > sAMAccountName: rowland > > # record 2 > dn: CN=rowland,OU=SUDOers,DC=samdom,DC=example,DC=com > CN: rowland > > NOTE: other attributes removed for brevity. > > If I now try to add 'rowland' to a group, I get this: > > root at dc1:~# samba-tool group addmembers group12 rowland > ERROR(exception): Failed to add members "rowland" to group "group12" > - Unable to find "rowland". Operation cancelled. File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/group.py", > line 239, in run add_members_operation=True) File > "/usr/local/samba/lib/python2.7/site-packages/samba/samdb.py", line > 278, in add_remove_group_members raise Exception('Unable to find > "%s". Operation cancelled.' % member) > > Now just to think of a way around this. > > Rowland > > >OK, I think I have a fix, find 'samdb.py' on your DC, open it in your favourite editor and find this line: def add_remove_group_members(self, groupname, members, It should be around line 240 Go down to about line 270, where you should find these two lines: expression="(|(sAMAccountName=%s)(CN=%s))" % ( ldb.binary_encode(member), ldb.binary_encode(member)), attrs=[]) Change them to: expression="(sAMAccountName=%s)" % ( ldb.binary_encode(member)), attrs=[]) You should then be able to add your user to the group: root at dc1:~# samba-tool group addmembers group12 rowland Added members to group group12 Rowland
Sébastien QUESSON
2017-May-30 11:09 UTC
[Samba] samba-tool cannot add or remove group members
> > > All I can think of is, you have a user with > > > 'sAMAccountName=username' and another with 'CN=username', this > > > could lead to 'len(targetmember)' being 2yeah, that's the point I created my users with : samba-tool user add user password --use-username-as-cn> OK, I think I have a fix, find 'samdb.py' on your DC, open it in your > favourite editor and find this line: > You should then be able to add your user to the group:samba-tool group addmembers is OK now! do I have to maintain manually this file, or will it be ported in next samba versions? thank you very much for your great support, Rowland!
Seemingly Similar Threads
- samba-tool cannot add or remove group members
- Unable to add a particular member to group (Samba 4.6.3)
- Unable to add a particular member to group (Samba 4.6.3)
- Unable to add a particular member to group (Samba 4.6.3)
- samba-tool cannot add or remove group members