I'll just go ahead and reply to my own message with some info I've
found... see if that inspires anyone to help.
After some greping through the smbpasswd source code (pretty clean
stuff, if I may say so), I figured the line of death resides in
passdb/passdb.c, function pdb_init_sam_new, lines 304 - 307:
-
pwd = Get_Pwnam(username);
if (!pwd)
return NT_STATUS_NO_SUCH_USER;
-
Looks like its trying to find a uid for a user that does not exist.
Now, this is supposed to be the defined behavior for actual users, but I
was under the impression that with ldap as the backend, machines did not
need a posix account... and that the RID was generated by some other
algorithm.
Am I off my rocker here?
-Sean
On Mon, 2003-09-08 at 13:24, Sean Kellogg wrote:
This totally worked a few days ago... when running 'smbpasswd -a user
-D 5' I get the following:
[EMAIL PROTECTED]:/home/niles/ldap/debian# smbpasswd -a user -D 5
Netbios name list:-
my_netbios_names[0]=LOGOS
New SMB password:
Retype new SMB password:
Trying to load: ldapsam:ldap://logos.biostat.washington.edu
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match
ldapsam:ldap://logos.biostat.washington.edu (ldapsam)
Found pdb backend ldapsam
Searching for:[((objectClass=sambaDomain)(sambaDomainName=LOGOS))]
smbldap_search_suffix: searching
for:[((objectClass=sambaDomain)(sambaDomainName=LOGOS))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://logos.biostat.washington.edu has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_suffix: searching
for:[((uid=user)(objectclass=sambaSamAccount))]
Unable to locate user [user] count=0
Finding user user
Trying _Get_Pwnam(), username as lowercase is user
Trying _Get_Pwnam(), username as uppercase is USER
Checking combinations of 0 uppercase letters in user
Get_Pwnam_internals didn't find user [user]!
Failed initialise SAM_ACCOUNT for user user.
Failed to modify password entry for user user
As you can see, I'm using ldap, and running at a higher debug value
shows that I am successfully connecting to the ldap server. This works
fine if the user already has a posix account established... but it used
to create the account automagically. While its not the end of the world
in terms of users, it is very troublesome when trying to add a machine
to the domain (where it evokes smbpasswd -am MACHINE NAME). Again,
broken. But this totally worked a few days ago. While I'm not surp
The only thing I can think of is that I upgraded to 3.0.0rc2-Debian from
3.0.0rc1-Debian. But that seems like an odd thing to change. Has
anyone else experienced this problem?
smb.conf
[global]
netbios name = logos
workgroup = logos
encrypt passwords = true
unix password sync = no
ldap passwd sync = yes
pam password change = yes
obey pam restrictions = yes
domain master = yes
local master = yes
preferred master = yes
os level = 65
passdb backend = ldapsam:ldap://logos.biostat.washington.edu
ldap admin dn = cn=admin,dc=biostat,dc=washington,dc=edu
ldap suffix = dc=biostat,dc=washington,dc=edu
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap ssl = off
security = user
domain logons = yes
wins server = 128.95.29.52
logon path = \\%L\profiles\%u
logon script = logon.bat
logon drive = H:
time server = yes
idmap uid = 1-65000
idmap gid = 1-65000
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false %u
printing = BSD
load printers = yes
printer admin = @domadmin
printcap name = /etc/printcap
Help would be appreciated... hell, it works for me would even be
good, as then I know its something I'm doing at not the developers.
-Sean
--
Sean Kellogg
University of Washington
Biostatistics Department - Linux Guy
e: [EMAIL PROTECTED]p: 5-9176
Linux is to the internet what duct tape is to everything else
signature.asc
Description: This is a digitally signed message part
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
