I´ve just had the same problem and came to this post while searching for a solution, and I´ve just fixed this problem for my setup after reading Kang´s words:
I disabled the remove user script in smb.conf, and also removed the -a option from the add user script. Using the scripts the way they were configured, Samba tried to add / remove the user twice, though giving the error. Here is my smb.conf extract: .... add user script = /usr/local/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes #delete user script = /usr/local/sbin/smbldap-userdel "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" delete group script = /usr/local/sbin/smbldap-groupdel "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" ... unix password sync = No ldap passwd sync = Yes ... My setup: Samba 3.0.7, openldap 2.1.29, smbldap-tools 0.8.5-2, Fedora Core 2. Hope this is useful. Mark Jones "Kang Sun" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Just a hunch, I didnot test myself. > In your smb.conf, did you set the "add user script" to add posix account as > well as Windows account? If so, there might be a problem. > >From what I read and understand, the script suppose to add Posix account > only, and samba will add the Windows account. If the Windows account is > added by the "add user script", then Samba has to delete it or modify it, > which it might not have the previlege or some error comes up that does not > mean what it says. > > Hope this helps! > > -- Kang Sun > > <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > tware.com... > Hello, > > have some little problems adding user to domain with USRMGR.EXE > My System runs on SuSE 9.1 (2.6.5-7.75-default), samba-3.0.4, > smbldap-tools-0.8.5, openldap2-2.2.6 > > If I try to add a new user with USRMGR.EXE I get an error "Access denied", > but if I look into LDAP the new user was correctly added to LDAP. > If I confirm the error-message and then cancel the "NEW USER" Window and > typing "F5" for refreshing the USRMGR. I can see the new user. > By doubble-clicking the new User I am able to make any modification to the > User without any error. > What could be the problem ? > > Here is a part of /var/log/messages that > Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0] > passdb/pdb_ldap.c:ldapsam_add_sam_account(1573) > Jul 27 12:36:25 samba3 smbd[2149]: ldapsam_add_sam_account: User > 'i00001' already in the base, with samba attributes > Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0] > rpc_server/srv_samr_nt.c:_samr_create_user(2267) > Jul 27 12:36:25 samba3 smbd[2149]: could not add user/computer i00001 to > passdb. Check permissions? > > if you need more logs or sambalog with special loglevel just tell me. > > The same problem exists when joining a machine to DOMAIN. > On first try => "Access denied" but correctly added to LDAP > On second try => "Welcome to DOMAIN" > > Thanks for any help. > > Christian Wittmer > > --------------------------------- > Büro/Office: +49 (0) 6227/385-120 > Email: [EMAIL PROTECTED] > > InterComponentWare AG > Otto-Hahn-Strasse 3 > 69190 Walldorf > Zentrale/Main: +49 (6227) 385-100 > > http://www.intercomponentware.com > http://www.lifesensor.com > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba