Just a question,

In the Samba code, to know whether Samba must add a DN or modify a DN in the LDAP tree,
Samba calls the function ldap_count_entries, but how does ldap_count_entries work?
I ask this question because I found that the ldap filter parameter is different from the HOWTO. I have something like ((uid=%u)(SambaSamAccount)), but if ldap_count_entries uses this filter,
Samba never finds the entry with posix_account and of course tries to add a DN.

        num_result = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);

        if (num_result > 1) {
                DEBUG (0, ("ldapsam_add_sam_account: More than one user with that uid exists: bailing out!\n"));
                free_attr_list( attr_list );
                ldap_msgfree(result);
                return NT_STATUS_UNSUCCESSFUL;
        }

        /* Check if we need to update an existing entry */
        if (num_result == 1) {
                char *tmp;
                ....
        }

Can you confirm or not this possibility ...

[EMAIL PROTECTED] wrote:

John,

I appreciate your reaction, but could you explain this error?

[2005/05/27 16:19:10, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1479)
 ldapsam_modify_entry: Failed to add user dn= uid=infobcer$,ou=machines,dc=corman,dc=be with: Already exists
[2005/05/27 16:19:10, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1911)
 ldapsam_add_sam_account: failed to modify/add user with uid = infobcer$ (dn = uid=infobcer$,ou=machines,dc=corman,dc=be)
[2005/05/27 16:19:10, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2398)
 could not add user/computer infobcer$ to passdb.  Check permissions?

I use root for adding to my PDC, ldap version : 2.1.25

thanks

-----------------------------------
Stéphane PURNELLE                         [EMAIL PROTECTED]
Service Informatique       Corman S.A.           Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 26/05/2005 20:15:05:

Stéphane,

The book "Samba-3 by Example" is being reprinted very soon. Up to date
builds of the PDF are available on the Samba web site daily. This
document can be downloaded from:

  http://www.samba.org/samba/docs/Samba-Guide.pdf

In chapter 5 I have fully documented how Samba-3 can be deployed with
LDAP and using the smbldap-tools. It works perfectly for me and in many
sites that have given me feedback that it works. Over the past two
months I have received and applied about 40 suggestions for improvement.
Every report that it does not work has been resolved, but given all of
this I am 100% certain that there are still bugs in there.

I would greatly appreciate if you could test-drive this chapter and
report back any bugs or problems you come across.

I will personally work with you to resolve any issues that you may find.

Your claim below that there has been no reaction from the Samba Team is
wrong. A number of us have worked with Jerome Tournier, that has
resulted in the 0.9.0 release of the smbldap-tools. We do not make a
practice of ignoring our users. I have been working on updating our
documentation also as a result of feedback and bug reports. You have
never been ignored.

The smbldap-tools should be configured to handle only the POSIX part of
LDAP based accounts. Samba should handle all the sambaSAM components.

Please review chapter 5 and give me your feedback. I am anxious to fix
any problem you may have.

Cheers,
John T.


On Thursday 26 May 2005 09:12, [EMAIL PROTECTED] wrote:
Ok,

I re-read the script and the sambasamaccount is only added with the -i
option.
My position is:
     - I asked about the problem in 2004 and I filed a BUG. For some reason,
       there was no reaction from the Samba team on this problem.
     - My solution is to modify the smbldap script to add sambasamaccount
       and add a machine in two steps; it works (until today).

Add these lines after the
if (defined($Options{'i'})) {

...
}
if (defined($Options{'w'})) {
   # For machine account
   # Objectclass sambaSAMAccount must be added now !

   my $date=time;
   my $modify = $ldap_master->modify ( "uid=$userName,$config{computersdn}",
       changes => [
           replace => [objectClass => ['inetOrgPerson', 'posixAccount', 'sambaSAMAccount']],
           add => [sambaLogonTime => '0'],
           add => [sambaLogoffTime => '2147483647'],
           add => [sambaKickoffTime => '2147483647'],
           add => [sambaPwdCanChange => '0'],
           add => [sambaPwdMustChange => '2147483647'],
           add => [sambaPwdLastSet => "$date"],
           add => [sambaAcctFlags => '[W          ]'],
           add => [sambaSID => "$user_sid"],
           add => [sambaPrimaryGroupSID => "$config{SID}-515"]
       ]
   );

   $modify->code && die "failed to add entry: ", $modify->error ;
}

Ask me if there is a problem. I cannot add a machine today, but if you
can test it for me I would appreciate it.

thanks


     Stéphane Purnelle

-----------------------------------
Stéphane PURNELLE                         [EMAIL PROTECTED]
Service Informatique       Corman S.A.           Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on 26/05/2005 16:57:49:
[EMAIL PROTECTED] wrote:
I forgot some details.
The script adds the sambasamaccount.
Could you send me the smbldap-useradd script so I can see what version
you use?

Some smbldap scripts do not add the sambasamaccount, because normally
Samba must add it (and it is this part which doesn't work).
The last version seems to add the sambasamaccount attributes and the
old version too.
Ah! smbldap-useradd in 0.8.7 certainly does not seem to add the
sambasamaccount attributes. I just downloaded the latest 0.9.0 and that
doesn't seem to either. Not with -w, which as I understand it is the way
it should be used. -w just makes the posixaccount and expects samba to
do the rest...

# MACHINE ACCOUNT
if (defined($Options{'w'}) or defined($Options{'i'})) {

  #print "About to create machine $userName:\n";

  if (!add_posix_machine($userName,$userUidNumber,$userGidNumber,$Options{'t'})) {
    die "$0: error while adding posix account\n";
  }

  if (defined($Options{'i'})) {
...
  }

  $ldap_master->unbind;
  exit 0;
}

Should the add machine script set up the samba attributes? It seems a
bit mad. Surely samba should be finding that the user exists but doesn't
have the samba attributes and then it should modify the user? That's
what the code in my original post appears to be trying to do...

John
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba



--
Stéphane Purnelle <[EMAIL PROTECTED]>
Site Web : http://www.linuxplusvalue.be
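
An added illustration of the possibility raised in the first message (not Samba's code and not written by any poster): ldap_count_entries() applies no filter itself, it only counts the entries in the result returned by the preceding search, so the filter used for that search decides whether an add-or-modify branch sees an existing entry. The directory contents, the DN and the functions count_matches and add_sam_account are constructed for this simplified model.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed directory: one machine entry holding only the POSIX classes. */
struct entry { const char *dn, *uid, *classes[4]; };
static const struct entry directory[] = {
    { "uid=host1$,ou=machines,dc=example,dc=org", "host1$",
      { "inetOrgPerson", "posixAccount", NULL } },
};
enum { N_ENTRIES = sizeof directory / sizeof directory[0] };
enum outcome { MODIFIED, ADDED, ALREADY_EXISTS, AMBIGUOUS };

/* Case-insensitive compare, used here for object class names and DNs. */
static int ieq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Stands in for search + ldap_count_entries(): the filter is applied by the
 * search, the count only reports how many entries came back. */
static int count_matches(const char *uid, const char *required_class) {
    int n = 0;
    for (int i = 0; i < N_ENTRIES; i++) {
        const struct entry *e = &directory[i];
        int has = !required_class;           /* NULL: filter on uid only */
        for (int c = 0; !has && e->classes[c]; c++)
            has = ieq(e->classes[c], required_class);
        if (has && strcmp(e->uid, uid) == 0) n++;
    }
    return n;
}

/* Hypothetical add-or-modify decision driven by that count. */
static enum outcome add_sam_account(const char *uid, const char *dn,
                                    const char *required_class) {
    int n = count_matches(uid, required_class);
    if (n > 1) return AMBIGUOUS;             /* more than one user with that uid */
    if (n == 1) return MODIFIED;             /* update the existing entry */
    for (int i = 0; i < N_ENTRIES; i++)      /* add path: the DN may still exist */
        if (ieq(directory[i].dn, dn)) return ALREADY_EXISTS;
    return ADDED;
}
int main(void) {
    const char *dn = "uid=host1$,ou=machines,dc=example,dc=org";
    printf("sambaSamAccount filter: %d\n", add_sam_account("host1$", dn, "sambaSamAccount"));
    printf("uid-only filter:        %d\n", add_sam_account("host1$", dn, NULL));
    return 0;
}
```

With the object class required in the filter, the posixAccount-only entry is not counted, the model takes the add path and hits the existing DN; with a uid-only filter the same entry is counted once and modified.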
