Well, I still had problems running your script - didn't quite know how to specify the server and other parameters...
But it was a starting point - it led me to install the latest 'smbldap-tools' and using those I added a 'test' user. Then I compared the LDAP entries of the newly created user to old users and noticed that old users are missing a couple of 'objectClass' statements:

> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: sambaSamAccount
> objectClass: shadowAccount

vs.

> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaSamAccount

I added the missing objectClass-es to all users and as it seems everything works well now.

Thanks, Danilo

PS: I guess I'll have to update the LDAP Account Manager too...

On 27. 07. 2010 15:16, Jason Gerfen wrote:
> My apologies...
>
> Here is a working copy as an attachment. I will also fix the blog post
> I have up about it.
>
> Keep in mind it does require a couple of tools installed to function
> properly.
> i.e.
> wbinfo
> ldapsearch
> ldapmodify
>
> Also a note on how it works. It uses wbinfo to detect any account in
> active directory which does not have the unix extension properties for
> the uid, gid, default shell, homedir, as well as any DN attribute which
> uses first name last name, (DN=first last,CN=Users) which seems to
> cause problems with the UID 2 SID verification process, and modifies
> only those accounts.
>
> Using 'wizard' mode will allow you to test it on one account and once
> that works you can specify an OU within Active Directory and this will
> perform the operations on any account which fails the UID 2 SID
> verification.
>
> Let me know if you experience any problems with it.
>
> On 07/27/10 02:29, Danilo Godec wrote:
>> While my situation is a bit different (no AD server, Samba is PDC for
>> the domain, using OpenLDAP for users, groups, ...), I tried running your
>> Perl script in 'Wizard' mode, but it fails (using perl 5.8.3):
>>
>> # ./UID2SID.pl
>> syntax error at ./UID2SID.pl line 204, near "= ;"
>> syntax error at ./UID2SID.pl line 239, near "= ;"
>> syntax error at ./UID2SID.pl line 380, near "= ;"
>> syntax error at ./UID2SID.pl line 404, near "= ) "
>> syntax error at ./UID2SID.pl line 410, near "}"
>> Execution of ./UID2SID.pl aborted due to compilation errors.
>>
>> Regards, Danilo
>>
>> On 26. 07. 2010 15:54, Jason Gerfen wrote:
>>
>>> Here is a document and perl script I developed to resolve UID to SID
>>> mappings in Samba Active Directory authentication.
>>>
>>> http://zerointeger.tumblr.com/post/589762841/samba-and-active-directory
>>>
>>> Let me know if that helps any.
>>>
>>> On 07/26/10 07:01, Danilo Godec wrote:
>>>
>>>> Got a problem after upgrading Samba from 3.0 to 3.5 - have a bunch of
>>>> users and groups in LDAP and things work for the most part.
>>>>
>>>> However, when people try to change permissions from within Windows,
>>>> some usernames or groupnames are shown properly, but others are not -
>>>> they see the SID.
>>>>
>>>> Following up I noticed that I can get a list of all users with
>>>> 'wbinfo -u' and that I can get a SID for every user with
>>>> 'wbinfo -n $USER'.
>>>>
>>>> However, for about 70% of all SIDs listed a 'reverse lookup' with
>>>> 'wbinfo -s $SID' doesn't work:
>>>>
>>>>> S-1-5-21-239950015-4237961228-1280988766-3060 Could not lookup sid
>>>>> S-1-5-21-239950015-4237961228-1280988766-3060
>>>>
>>>> It works for some and it turns out that this relates to what usernames
>>>> are visible in Windows...
>>>>
>>>> I checked my LDAP and compared some of the users that work to some of
>>>> those that don't, but there are no apparent differences.
>>>>
>>>> Any ideas?
>>>>
>>>> Regards, Danilo

--
Danilo Godec, system support / system administration

Visit our updated web page at www.agenda.si
OPEN SOURCE AND LINUX SERVICES : BUSINESS SOLUTIONS : IT MANAGEMENT : IT INFRASTRUCTURE : TRAINING : SOFTWARE
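
The objectClass comparison described in the top message, as an added example that is not part of the thread, the attached script or smbldap-tools: it reads LDIF shaped like `ldapsearch -LLL` output, reports which Samba accounts lack classes from the seven-class list shown above, and builds the matching `ldapmodify` input. The DNs, the sample LDIF and all function names are assumptions made for illustration.

```python
# Added example, not from the thread. REQUIRED is the objectClass list the
# thread shows for the user created with smbldap-tools.
REQUIRED = ["top", "person", "organizationalPerson", "inetOrgPerson",
            "posixAccount", "shadowAccount", "sambaSamAccount"]

# Constructed sample with hypothetical DNs: one old-style entry, one complete.
SAMPLE_LDIF = (
    "dn: uid=olduser,ou=Users,dc=example,dc=com\n"
    "objectClass: inetOrgPerson\nobjectClass: posixAccount\n"
    "objectClass: sambaSamAccount\nobjectClass: shadowAccount\n"
    "\n"
    "dn: uid=test,ou=Users,dc=example,dc=com\n"
    + "".join(f"objectClass: {c}\n" for c in REQUIRED)
)

def parse_entries(ldif):
    """Map each DN to its objectClass values (unfolds wrapped LDIF lines)."""
    entries = {}
    for block in ldif.replace("\n ", "").strip().split("\n\n"):
        dn, classes = None, []
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#") or value.startswith(":"):
                continue  # comments and base64 ("::") values are skipped
            if attr.lower() == "dn":
                dn = value.strip()
            elif attr.lower() == "objectclass":
                classes.append(value.strip())
        if dn:
            entries[dn] = classes
    return entries

def missing_classes(classes):
    """REQUIRED classes absent from an entry; names compare case-insensitively."""
    have = {c.lower() for c in classes}
    return [c for c in REQUIRED if c.lower() not in have]

def build_modify_ldif(entries):
    """ldapmodify input adding missing classes to entries that already are
    Samba accounts (sambaSamAccount itself is never added here)."""
    out = []
    for dn, classes in entries.items():
        missing = missing_classes(classes)
        if missing and "sambaSamAccount" not in missing:
            lines = [f"dn: {dn}", "changetype: modify", "add: objectClass"]
            out.append("\n".join(lines + [f"objectClass: {c}" for c in missing]) + "\n")
    return "\n".join(out)

if __name__ == "__main__":
    print(build_modify_ldif(parse_entries(SAMPLE_LDIF)))
```

Review the generated LDIF and apply it to a single account before running it against a whole directory.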