>>> Hi people: I have a Debian etch stable with the latest updates.
>>> When I try to join a computer to the domain I create the
>>> machine on the ldap and it's created with the following attributes:
>>>
>>> dn:cn=test$,ou=Machines,dc=domain,dc=org
>>> objectClass: top
>>> objectClass: inetOrgPerson
>>> objectClass: posixAccount
>>> uidNumber: 3123
>>> uid: test$
>>> cn: test$
>>> sn: test$
>>> gidNumber: 604
>>> homeDirectory: /dev/null
>>> loginShell: /bin/false
>>> gecos: Machine Account
>>> description: Machine Account
>>>
>>> Then, in the samba I run:
>>>
>>> pdbedit -am test
>>>
>>> And this is the output...
>>>
>>> ldapsam_add_sam_account: User exists without samba attributes: adding
>>> them
>>> init_ldap_from_sam: Setting entry for user: test$
>>> smbldap_modify: dn => [cn=test$,ou=Machines,dc=domain,dc=org]
>>> ldapsam_modify_entry: Failed to modify user dn=
>>> cn=test$,ou=Machines,dc=domain,dc=org with: Object class violation
>>> object class 'sambaSamAccount' requires attribute 'sambaSID'
>>> ldapsam_add_sam_account: failed to modify/add user with uid = test$ (dn
>>> = cn=zigo$,ou=Systems,dc=domain,dc=int)
>>> Unable to add machine! (does it already exist?)
>>>
>>> I set the debug level in the ldap and I can't see the pdbedit sending
>>> any
>>> sambaSID attribute. So I can't think this is a schema problem...
>>>
>>> Any ideas? Why is this happening?? I have found nothing on the net to
>>> help
>>> me...
>>>
>>> Thanks in advance.
>>>
>>
>>
>> Does anyone know something?
>> I found some PDC NOT with the latest updates from Debian Etch, but with
>> the same Samba version and they work!
>>
>> This is the output of the working version:
>>
>> account_policy_get: name: maximum password age, val: -1
>> account_policy_get: name: minimum password age, val: 0
>> pdb_set_username: setting username test$, was test$
>> smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
>> [(&(uid=test$)(objectclass=sambaSamAccount))], scope => [2]
>> smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
>> [(&(sambaSID=S-1-5-21-2281447165-45835457-3575675572-31254)(objectclass=sambaSamAccount))],
>> scope => [2]
>> smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
>> [(uid=test$)], scope => [2]
>> ldapsam_add_sam_account: User exists without samba attributes: adding
>> them
>> smbldap_make_mod: attribute |uid| not changed.
>> init_ldap_from_sam: Setting entry for user: test$
>> smbldap_get_single_attribute: [sambaSID] = [<does not exist>]
>> smbldap_make_mod: adding attribute |sambaSID| value
>> |S-1-5-21-2281447165-45835457-3575675572-31254|
>> smbldap_get_single_attribute: [displayName] = [<does not exist>]
>> smbldap_make_mod: adding attribute |displayName| value |Computer|
>> smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>]
>> smbldap_make_mod: adding attribute |sambaPwdCanChange| value
>> |1236459494|
>> smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>]
>> smbldap_make_mod: adding attribute |sambaPwdMustChange| value
>> |2147483647|
>> smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>]
>> smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>]
>> smbldap_make_mod: adding attribute |sambaNTPassword| value
>> |0CB6948805F797BF2A82807973B89537|
>> smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>]
>> smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1236459494|
>> smbldap_get_single_attribute: [sambaAcctFlags] = [<does not exist>]
>> smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W
>> ]|
>> smbldap_modify: dn =>
>> [uid=test$,ou=sarmiento,ou=Computers,dc=jusbaires,dc=gov,dc=ar]
>> rebindproc_connect_with_state: Rebinding to
>> ldaps://10.8.2.100/uid=test$,ou=sarmiento,ou=Computers,dc=jusbaires,dc=gov,dc=ar
>> as "uid=sarmiento-proxy,ou=security,dc=jusbaires,dc=gov,dc=ar"
>> rebindproc_connect_with_state: setting last_rebind timestamp (req: 0x66)
>> ldapsam_add_sam_account: added: uid == test$ in the LDAP database
>> smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
>> [(&(uid=test$)(objectclass=sambaSamAccount))], scope => [2]
>> smbldap_search_ext: waiting 866 milliseconds for LDAP replication.
>> smbldap_search_ext: go on!
>> init_sam_from_ldap: Entry found for user: test$
>> pdb_set_username: setting username test$, was
>> pdb_set_domain: setting domain JUSBAIRES, was
>> pdb_set_nt_username: setting nt username test$, was
>> pdb_set_user_sid_from_string: setting user sid
>> S-1-5-21-2281447165-45835457-3575675572-31254
>> pdb_set_user_sid: setting user sid
>> S-1-5-21-2281447165-45835457-3575675572-31254
>> smbldap_get_single_attribute: [sambaLogonTime] = [<does not exist>]
>> smbldap_get_single_attribute: [sambaLogoffTime] = [<does not exist>]
>> smbldap_get_single_attribute: [sambaKickoffTime] = [<does not exist>]
>> pdb_set_full_name: setting full name Computer, was
>> smbldap_get_single_attribute: [sambaHomeDrive] = [<does not exist>]
>> pdb_set_dir_drive: setting dir drive C:, was NULL
>> smbldap_get_single_attribute: [sambaHomePath] = [<does not exist>]
>> pdb_set_homedir: setting home dir \\pdc\profiles\test_, was
>> smbldap_get_single_attribute: [sambaLogonScript] = [<does not exist>]
>> pdb_set_logon_script: setting logon script netlogon.test_.bat, was
>> smbldap_get_single_attribute: [sambaProfilePath] = [<does not exist>]
>> pdb_set_profile_path: setting profile path \\pdc\profiles\test_, was
>> smbldap_get_single_attribute: [sambaUserWorkstations] = [<does not
>> exist>]
>> smbldap_get_single_attribute: [sambaMungedDial] = [<does not exist>]
>> smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>]
>> account_policy_get: name: password history, val: 0
>> smbldap_get_single_attribute: [sambaBadPasswordCount] = [<does not
>> exist>]
>> smbldap_get_single_attribute: [sambaBadPasswordTime] = [<does not
>> exist>]
>> smbldap_get_single_attribute: [sambaLogonHours] = [<does not exist>]
>> Opening cache file at /var/cache/samba/login_cache.tdb
>> Looking up login cache for user test$
>> No cache entry found
>> No cache entry, bad count = 0, bad time = 0
>> Unix username:        test$
>> NT username:          test$
>> Account Flags:        [W          ]
>> User SID:             S-1-5-21-2281447165-45835457-3575675572-31254
>> Finding user test$
>> Trying _Get_Pwnam(), username as lowercase is test$
>> Got test$ from pwnam_cache
>> Get_Pwnam_internals did find user [test$]!
>> smbldap_search_ext: base => [ou=Group,dc=jusbaires,dc=gov,dc=ar], filter
>> => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2]
>> init_group_from_ldap: Entry found for group: 515
>> Accepting SID S-1-5-21-2281447165-45835457-3575675572 in level 1
>> lookup_global_sam_rid: looking up RID 515.
>> smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
>> [(&(sambaSID=S-1-5-21-2281447165-45835457-3575675572-515)(objectclass=sambaSamAccount))],
>> scope => [2]
>> ldapsam_getsampwsid: Unable to locate SID
>> [S-1-5-21-2281447165-45835457-3575675572-515] count=0
>> smbldap_search_ext: base => [ou=Group,dc=jusbaires,dc=gov,dc=ar], filter
>> =>
>> [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-2281447165-45835457-3575675572-515))],
>> scope => [2]
>> init_group_from_ldap: Entry found for group: 515
>> lookup_rids: Domain Computers:2
>> Sid S-1-5-21-2281447165-45835457-3575675572-515 -> JUSBAIRES\Domain
>> Computers(2)
>> Primary Group SID:    S-1-5-21-2281447165-45835457-3575675572-515
>> Full Name:            Computer
>> Home Directory:       \\pdc\profiles\test_
>> HomeDir Drive:        C:
>> Logon Script:         netlogon.test_.bat
>>
>>
>> This is the output of the NOT working version:
>>
>> account_policy_get: name: maximum password age, val: -1
>> account_policy_get: name: minimum password age, val: 0
>> account_policy_get: name: password history, val: 0
>> pdb_set_username: setting username beruti-proxy$, was
>> smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
>> [(&(uid=beruti-proxy$)(objectclass=sambaSamAccount))], scope => [2]
>> smbldap_search_ext: base => [dc=jusbaires,dc=gov,dc=ar], filter =>
>> [(uid=beruti-proxy$)], scope => [2]
>> ldapsam_add_sam_account: User exists without samba attributes: adding
>> them
>> smbldap_make_mod: attribute |uid| not changed.
>> init_ldap_from_sam: Setting entry for user: beruti-proxy$
>> smbldap_get_single_attribute: [sambaPwdCanChange] = [<does not exist>]
>> smbldap_make_mod: adding attribute |sambaPwdCanChange| value
>> |1236459262|
>> smbldap_get_single_attribute: [sambaPwdMustChange] = [<does not exist>]
>> smbldap_make_mod: adding attribute |sambaPwdMustChange| value
>> |9223372036854775807|
>> smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>]
>> smbldap_get_single_attribute: [sambaNTPassword] = [<does not exist>]
>> smbldap_make_mod: adding attribute |sambaNTPassword| value
>> |A506EB2FCE65B16CF8EF7E05D2971B16|
>> account_policy_get: name: password history, val: 0
>> smbldap_get_single_attribute: [sambaPasswordHistory] = [<does not
>> exist>]
>> smbldap_make_mod: adding attribute |sambaPasswordHistory| value
>> |0000000000000000000000000000000000000000000000000000000000000000|
>> smbldap_get_single_attribute: [sambaPwdLastSet] = [<does not exist>]
>> smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1236459262|
>> smbldap_get_single_attribute: [sambaAcctFlags] = [<does not exist>]
>> smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W
>> ]|
>> smbldap_modify: dn =>
>> [uid=beruti-proxy$,ou=beruti,ou=Computers,dc=jusbaires,dc=gov,dc=ar]
>> rebindproc_connect_with_state: Rebinding to
>> ldaps://10.8.2.100/uid=beruti-proxy$,ou=beruti,ou=Computers,dc=jusbaires,dc=gov,dc=ar
>> as "uid=beruti-dns1,ou=security,dc=jusbaires,dc=gov,dc=ar"
>> rebindproc_connect_with_state: setting last_rebind timestamp (req: 0x66)
>> Failed to modify dn:
>> uid=beruti-proxy$,ou=beruti,ou=Computers,dc=jusbaires,dc=gov,dc=ar,
>> error:
>> Object class violation (object class 'sambaSamAccount' requires
>> attribute
>> 'sambaSID')
>> ldapsam_add_sam_account: failed to modify/add user with uid =
>> beruti-proxy$ (dn =
>> uid=beruti-proxy$,ou=beruti,ou=Computers,dc=jusbaires,dc=gov,dc=ar)
>> Unable to add machine! (does it already exist?)
>>
>>
>> By the way, the version of the Debian package is: 3.0.24-6etch10.
>>
>
>
> Any ideas?
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Well... I have a little update..

# pdbedit -am test
ldapsam_add_sam_account: failed to modify/add user with uid = test$ (dn =
uid=test$,ou=beruti,ou=Computers,dc=domain,dc=com)
Unable to add machine! (does it already exist?)

The log from the slapd is...

Mar 17 20:56:11 alem-systemlog slapd[29907]: conn=42 fd=31 ACCEPT from
IP=10.3.0.1:52918 (IP=0.0.0.0:636)
Mar 17 20:56:11 alem-systemlog slapd[29907]: conn=42 fd=31 TLS established
tls_ssf=128 ssf=128
Mar 17 20:56:11 alem-systemlog slapd[29907]: conn=42 op=0 BIND
dn="uid=beruti-dns1,ou=security,dc=domain,dc=com" method=128
Mar 17 20:56:11 alem-systemlog slapd[29907]: conn=42 op=0 BIND
dn="uid=beruti-dns1,ou=security,dc=domain,dc=com" mech=SIMPLE ssf=0
Mar 17 20:56:11 alem-systemlog slapd[29907]: conn=42 op=0 RESULT tag=97
err=0 text=
Mar 17 20:56:11 alem-systemlog slapd[29907]: conn=42 op=1 MOD
dn="uid=test$,ou=beruti,ou=Computers,dc=domain,dc=com"
Mar 17 20:56:11 alem-systemlog slapd[29907]: conn=42 op=1 MOD
attr=sambaPwdCanChange sambaPwdMustChange sambaNTPassword
sambaPasswordHistory sambaPwdLastSet sambaAcctFlags objectclass
Mar 17 20:56:11 alem-systemlog slapd[29907]: Entry
(uid=test$,ou=beruti,ou=Computers,dc=domain,dc=com): object class
'sambaSamAccount' requires attribute 'sambaSID'
Mar 17 20:56:11 alem-systemlog slapd[29907]: entry failed schema check:
object class 'sambaSamAccount' requires attribute 'sambaSID'
Mar 17 20:56:11 alem-systemlog slapd[29907]: conn=42 op=1 RESULT tag=103
err=65 text=object class 'sambaSamAccount' requires attribute 'sambaSID'
Mar 17 20:56:11 alem-systemlog slapd[29907]: conn=42 op=2 UNBIND
Mar 17 20:56:11 alem-systemlog slapd[29907]: conn=42 fd=31 closed

I understand that the error is that the schema needs the sambaSID
attribute to add the sambaSamAccount. But... the pdbedit doesn't send the
sambaSID. Who is the one in charge of doing this? samba? pdbedit? ldap?
who?

Any help would be endlessly appreciated...

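Added example, not part of the original thread and not Samba code: a small Python helper that compares the attribute names pdbedit queues in a working and a failing debug trace, and flags slapd MOD operations that never carried sambaSID. The function names and the shortened sample excerpts are constructed for illustration.

```python
import re

# Constructed samples: shortened excerpts of the traces quoted in this thread
# (mail line-wrapping kept, attribute values replaced by placeholders).
WORKING = """smbldap_make_mod: adding attribute |sambaSID| value
|S-1-5-21-<placeholder>|
smbldap_make_mod: adding attribute |displayName| value |Computer|
smbldap_make_mod: adding attribute |sambaNTPassword| value
|<placeholder>|
smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W
]|"""
FAILING = """smbldap_make_mod: adding attribute |sambaNTPassword| value
|<placeholder>|
smbldap_make_mod: adding attribute |sambaPasswordHistory| value
|<placeholder>|
smbldap_make_mod: adding attribute |sambaAcctFlags| value |[W
]|"""
SLAPD = """Mar 17 20:56:11 host slapd[1]: conn=42 op=1 MOD
dn="uid=test$,ou=Computers,dc=example,dc=com"
Mar 17 20:56:11 host slapd[1]: conn=42 op=1 MOD
attr=sambaNTPassword sambaPasswordHistory
sambaAcctFlags objectclass
Mar 17 20:56:11 host slapd[1]: conn=42 op=1 RESULT tag=103
err=65 text=object class 'sambaSamAccount' requires attribute 'sambaSID'"""

def added_attributes(trace):
    """Attribute names pdbedit queued for the LDAP modify (smbldap_make_mod)."""
    return set(re.findall(r"smbldap_make_mod: adding attribute \|([^|]+)\|", trace))

def diff_traces(working, failing):
    """Return (attributes only the working run adds, only the failing run adds)."""
    w, f = added_attributes(working), added_attributes(failing)
    return sorted(w - f), sorted(f - w)

def slapd_mods(log):
    """Map (conn, op) -> attribute list of each MOD, undoing mail line-wrapping."""
    unwrapped = re.sub(r"\n(?![A-Z][a-z]{2} +\d+ \d\d:)", " ", log)
    pat = r"conn=(\d+) op=(\d+) MOD attr=(.*)"
    return {(int(c), int(o)): a.split() for c, o, a in re.findall(pat, unwrapped)}

def mods_missing(log, required="sambaSID"):
    """(conn, op) pairs whose MOD request did not include the required attribute."""
    return [key for key, attrs in slapd_mods(log).items()
            if required.lower() not in (a.lower() for a in attrs)]

if __name__ == "__main__":
    print(diff_traces(WORKING, FAILING))
    print(mods_missing(SLAPD))
```

Run against the full traces above, the same comparison shows the failing run never queues sambaSID or displayName and adds sambaPasswordHistory instead.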