Michael Liebl wrote:
Domainname: MITTELERDE
PDC: ISENGART
Machinename I added: TESTMACHINE
My Command: add machine script = /usr/sbin/useradd -c Samba-Computer -d /dev/null -g machines -s /bin/false %u
If I change 'set primary group script' to "/bin/true" the machine will stay in Group machines, so the command works.
After adding the machine, it has the primary unix group "domusr".
Domain Users (S-1-5-21-1418210569-3342691074-3409555407-513) -> domusr
Using: Debian/unstable x86 Linux 2.6.5 Samba: Version 3.0.7-Debian (Also I checked with FC2)
If you need more info, please let me know.
Interesting case... The request comes from Windows to update machine account with a bunch of new values and in this request RID of the primary group for the account (group_rid) is listed as 513 (0x201).
If you look at the 'fields_present' in the request you will notice that it requests almost all information to be updated - 09f827fa (this is a bitwise mask of fields to be updated). When I add a computer in my domain I have it only '00c4 fields_present : 01100002'. Note, that on the other hand I have similar set of data updates when I create normal user with usrmgr.exe: "00c4 fields_present : 08f827fa".
So, I suspect the problem is somewhere on Windows side. I haven't found any Domain Policy requiring all accounts to be in "Domain Users" group which is the only thing which comes to my mind as a probably cause for the problem.
I hope somebody having more experience with different Domain/Windows configurations can help in this case.
Bellow is the relavent extracts from the (log level = 5) smbd log:
Igor
[2004/10/11 09:06:31, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2245)
_samr_create_user: Running the command `/usr/sbin/useradd -c Samba-Computer -d /dev/null -g machines -G samba -s /bin/false testmachine$' gave 0
[2004/10/11 09:06:31, 5] lib/username.c:Get_Pwnam(293)
Finding user testmachine$
..........
[2004/10/11 09:06:31, 5] passdb/pdb_tdb.c:tdb_update_sam(631)
Storing (new) account testmachine$ with RID 5024
..........
[2004/10/11 09:06:31, 4] rpc_server/srv_pipe.c:api_rpcTNP(1534)
api_rpcTNP: samr op 0x3a - api_rpcTNP: rpc command: SAMR_SET_USERINFO
..........
[2004/10/11 09:06:31, 5] rpc_parse/parse_prs.c:prs_uint32(635)
00b8 user_rid : 00000000
[2004/10/11 09:06:31, 5] rpc_parse/parse_prs.c:prs_uint32(635)
00bc group_rid : 00000201
[2004/10/11 09:06:31, 5] rpc_parse/parse_prs.c:prs_uint32(635)
00c0 acb_info : 00000080
[2004/10/11 09:06:31, 5] rpc_parse/parse_prs.c:prs_uint32(635)
00c4 fields_present : 09f827fa
..........
[2004/10/11 09:06:31, 5] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2977)
_samr_set_userinfo: sid:S-1-5-21-1418210569-3342691074-3409555407-5024, level:23
[2004/10/11 09:06:31, 5] rpc_server/srv_samr_nt.c:set_user_info_23(2830)
Attempting administrator password change (level 23) for user testmachine$
[2004/10/11 09:06:31, 5] rpc_server/srv_samr_nt.c:set_user_info_23(2850)
Changing trust account or non-unix-user password, not updating /etc/passwd
[2004/10/11 09:06:31, 3] passdb/lookup_sid.c:fetch_gid_from_cache(247)
fetch uid from cache 6000 -> S-1-5-21-1418210569-3342691074-3409555407-513
[2004/10/11 09:06:31, 3] groupdb/mapping.c:smb_set_primary_group(1189)
smb_set_primary_group: Running the command `/usr/sbin/usermod -g domusr testmachine$' gave 0
[2004/10/11 09:06:31, 5] passdb/pdb_tdb.c:tdb_update_sam(631)
Storing account testmachine$ with RID 5024
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
