[Samba] smbldap-useradd hangs in RH9

2004-03-02 Thread Carlos García Recio
samba 3.0.2
smbldap-tools 0.8.4
RH 9
nss_ldap configured
pam_ldap NOT configured
LDAP passwd backend

Hi, 
I've installed samba 3.0.2 with smbldap-tools 0.8.4 twice, in two different RH9. 
I got it running in the first but not in the second with the same configuration 
(I think). The problem is (I got the same problem the first time but I don't 
remember how I fixed it) that when I try to create a new posix/samba account 
(with smbldap-useradd -a juan, for example) it runs until it creates the posix 
account. Then it hangs. What could be happening?

Thanks in advance!

Carlos



slapd[3195]: daemon: conn=271 fd=12 connection from IP=127.0.0.1:33598 
(IP=0.0.0.0:389) accepted.
slapd[3195]: conn=271 op=0 BIND dn=CN=MANAGER,O=SENADO.ES method=128
slapd[3195]: conn=271 op=0 RESULT tag=97 err=0 text=
slapd[3195]: conn=271 op=1 SRCH base=o=senado.es scope=2 
filter=((objectClass=posixAccount)(uidNumber=1000))
slapd[3195]: conn=271 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[3195]: daemon: conn=272 fd=17 connection from IP=127.0.0.1:33599 
(IP=0.0.0.0:389) accepted.
slapd[3195]: conn=272 op=0 BIND dn=CN=MANAGER,O=SENADO.ES method=128
slapd[3195]: conn=272 op=0 RESULT tag=97 err=0 text=
slapd[3195]: conn=272 op=1 SRCH base=o=senado.es scope=2 
filter=((objectClass=posixAccount)(uid=juan))
slapd[3195]: conn=272 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[3195]: conn=272 op=2 UNBIND
slapd[3195]: conn=-1 fd=17 closed
slapd[3195]: daemon: conn=273 fd=17 connection from IP=127.0.0.1:33600 
(IP=0.0.0.0:389) accepted.
slapd[3195]: conn=273 op=0 BIND dn=CN=MANAGER,O=SENADO.ES method=128
slapd[3195]: conn=273 op=0 RESULT tag=97 err=0 text=
slapd[3195]: conn=273 op=1 SRCH base=ou=Groups,o=senado.es scope=2 
filter=((objectClass=posixGroup)(gidNumber=513))
slapd[3195]: conn=273 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[3195]: conn=-1 fd=17 closed
slapd[3195]: daemon: conn=274 fd=17 connection from IP=127.0.0.1:33601 
(IP=0.0.0.0:389) accepted.
slapd[3195]: conn=274 op=0 BIND dn=CN=MANAGER,O=SENADO.ES method=128
slapd[3195]: conn=274 op=0 RESULT tag=97 err=0 text=
slapd[3195]: deferring operation
slapd[3195]: conn=274 op=1 SRCH base=ou=People,o=senado.es scope=2 
filter=(sambaSID=S-1-5-21-2056510298-3027076148-852687323-3000)
slapd[3195]: conn=274 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[3195]: conn=274 op=2 UNBIND
slapd[3195]: conn=-1 fd=17 closed
slapd[3195]: daemon: conn=275 fd=19 connection from IP=127.0.0.1:33602 
(IP=0.0.0.0:389) accepted.
slapd[3195]: connection_read(17): no connection!
slapd[3195]: conn=275 op=0 BIND dn=CN=MANAGER,O=SENADO.ES method=128
slapd[3195]: conn=275 op=0 RESULT tag=97 err=0 text=
slapd[3195]: deferring operation
slapd[3195]: conn=275 op=1 ADD dn=UID=JUAN,OU=PEOPLE,O=SENADO.ES
slapd[3195]: conn=275 op=1 RESULT tag=105 err=0 text=
slapd[3195]: daemon: conn=276 fd=17 connection from IP=127.0.0.1:33603 
(IP=0.0.0.0:389) accepted.
slapd[3195]: conn=276 op=0 BIND dn=CN=MANAGER,O=SENADO.ES method=128
slapd[3195]: conn=276 op=0 RESULT tag=97 err=0 text=
slapd[3195]: conn=276 op=1 SRCH base=ou=Groups,o=senado.es scope=2 
filter=((objectClass=posixGroup)(|(cn=513)(gidNumber=513)))
slapd[3195]: conn=276 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[3195]: conn=276 op=2 UNBIND
slapd[3195]: conn=-1 fd=17 closed
slapd[3195]: daemon: conn=277 fd=17 connection from IP=127.0.0.1:33604 
(IP=0.0.0.0:389) accepted.
slapd[3195]: conn=277 op=0 BIND dn=CN=MANAGER,O=SENADO.ES method=128
slapd[3195]: conn=277 op=0 RESULT tag=97 err=0 text=
slapd[3195]: deferring operation
slapd[3195]: conn=277 op=1 SRCH base=ou=Groups,o=senado.es scope=2 
filter=((objectClass=posixGroup)(|(cn=513)(gidNumber=513)))
slapd[3195]: conn=277 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[3195]: conn=277 op=2 UNBIND
slapd[3195]: conn=-1 fd=17 closed
slapd[3195]: daemon: conn=278 fd=21 connection from IP=127.0.0.1:33605 
(IP=0.0.0.0:389) accepted.
slapd[3195]: connection_read(17): no connection!
slapd[3195]: conn=278 op=0 BIND dn=CN=MANAGER,O=SENADO.ES method=128
slapd[3195]: conn=278 op=0 RESULT tag=97 err=0 text=
slapd[3195]: deferring operation
slapd[3195]: conn=278 op=1 SRCH base=cn=usuarios,ou=Groups,o=senado.es 
scope=0 filter=((memberUid=juan))
slapd[3195]: conn=278 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[3195]: conn=278 op=2 UNBIND
slapd[3195]: conn=-1 fd=21 closed
slapd[3195]: daemon: conn=279 fd=17 connection from IP=127.0.0.1:33606 
(IP=0.0.0.0:389) accepted.
slapd[3195]: connection_read(21): no connection!
slapd[3195]: conn=279 op=0 BIND dn=CN=MANAGER,O=SENADO.ES method=128
slapd[3195]: conn=279 op=0 RESULT tag=97 err=0 text=
slapd[3195]: deferring operation
slapd[3195]: conn=279 op=1 MOD dn=cn=usuarios,ou=Groups,o=senado.es
slapd[3195]: conn=279 op=1 RESULT tag=103 err=0 text=
slapd[3195]: conn=279 op=2 UNBIND
slapd[3195]: conn=-1 fd=17 closed

[EMAIL PROTECTED] smbldap-tools]# grep -v ^# smbldap_bind.conf

[Samba] Using the same LDAP entry for posixAccount and sambaSamAccount with smbldap

2004-02-19 Thread Carlos García Recio

samba 3.0.2
smbldap-tools 0.8.4
RH 9
nss_ldap configured
pam_ldap NOT configured
LDAP passwd backend
winxp pro domain member

Hello,
I've configured smbldap-tools in smb.conf to manage users from usrmgr.exe. It 
works for group creation but has a strange behavior in user creation. In the 
LDAP there are two manually created accounts: Administrador & invitado, both 
posixAccount and sambaSamAccount. When I try to create a new account with 
usrmgr using smbldap-useradd %u in add user script I get this error:

[2004/02/19 11:37:53, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1634)
  ldapsam_add_sam_account: failed to modify/add user with uid = juan (dn = 
uid=juan,ou=People,o=senado.es)
[2004/02/19 11:37:53, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2251)
  could not add user/computer juan to passdb.  Check permissions?

The usrmgr shows me an Access denied window and as a result I can find a new 
entry in the LDAP server with uid=juan that is a posixAccount and 
shadowAccount.

It looks like smbldap-useradd creates a new entry (posixAccount) in the LDAP 
server and then samba tries to create the same entry (but with 
sambaSamAccount, I think).

I can get rid of this error by making a conventional unix account with useradd 
(created in /etc/passwd) and then adding the user with usrmgr. As a result I 
get a new entry in the LDAP server that is a sambaSamAccount but not a 
posixAccount. (In this case I think that I didn't use add user script.)

The question is, how must I configure it to create new users through usrmgr with 
add user script = ...smbldap-useradd %u and get as a result a new entry in 
the LDAP server that is both posixAccount and sambaSamAccount?


Thanks in advance!

Carlos


Re: [Samba] Using the same LDAP entry for posixAccount and sambaSamAccount with smbldap

2004-02-19 Thread Carlos García Recio
Here we go!
On Thursday 19 February 2004 12:39, Jérôme Tournier wrote:
 On Thu, Feb 19, 2004 at 12:07:49PM +0100, Carlos García Recio wrote:
  samba 3.0.2
  smbldap-tools 0.8.4
  RH 9
  nss_ldap configured
  pam_ldap NOT configured
  LDAP passwd backend
  winxp pro domain member

 Can you also send us your smbldap-tools configuration files, and also samba
 and openldap (?) one ?
 thx
 --
 Jérôme
dn: o=senado.es
objectClass: organization
objectClass: organization
objectClass: top
o: senado.es

dn: ou=People,o=senado.es
objectClass: organizationalUnit
ou: People

dn: ou=Groups,o=senado.es
objectClass: organizationalUnit
ou: Groups

dn: ou=Computers,o=senado.es
objectClass: organizationalUnit
ou: Computers

dn: uid=Administrador,ou=People,o=senado.es
sambaPwdLastSet: 1077009096
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 1077009096
sambaPwdMustChange: 2147483647
sambaLMPassword: F0D412BD764FFE81AAD3B435B51404EE
sambaNTPassword: 209C6174DA490CAEB422F3FA5A7AE634
sambaAcctFlags: [U  ]
loginShell: /bin/false
gecos: Netbios Domain Administrator
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
homeDirectory: /tmp
sambaPrimaryGroupSID: S-1-5-21-2056510298-3027076148-852687323-512
userPassword: {SSHA}tsGSr9yQRsPT1cRjBGBCPWqbEGO/EtHR
sn: Administrador
cn: Administrador
displayName: Administrador
uid: Administrador
sambaSID: S-1-5-21-2056510298-3027076148-852687323-1000
uidNumber: 0
gidNumber: 0

dn: uid=Invitado,ou=People,o=senado.es
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaLMPassword: NO PASSWORDX
sambaNTPassword: NO PASSWORDX
sambaAcctFlags: [NU ]
loginShell: /bin/false
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
sambaPrimaryGroupSID: S-1-5-21-2056510298-3027076148-852687323-514
sambaSID: S-1-5-21-2056510298-3027076148-852687323-501
uidNumber: 501
gidNumber: 99
sn: Invitado
cn: Invitado
displayName: Invitado
uid: Invitado

dn: cn=usuarios,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
sambaGroupType: 2
displayName: Usuarios del Dominio
sambaSID: S-1-5-21-2056510298-3027076148-852687323-513
cn: usuarios
description: Usuarios del domio NetBios

dn: cn=invitados,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-2056510298-3027076148-852687323-514
gidNumber: 99
cn: Invitados
displayName: Invitados
memberUid: Invitado
description: Usuarios invitados del dominio NetBios

dn: cn=Usuarios Avanzados,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 547
description: Netbios Domain Members can share directories and printers
sambaGroupType: 2
cn: Usuarios Avanzados
displayName: Usuarios Avanzados
sambaSID: S-1-5-21-2056510298-3027076148-852687323-547

dn: cn=Operadores de Cuenta,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
description: Netbios Domain Users to manipulate users accounts
sambaGroupType: 2
cn: Operadores de Cuenta
sambaSID: S-1-5-21-2056510298-3027076148-852687323-548
displayName: Operadores de Cuenta

dn: cn=Operadores de Servidor,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 549
description: Netbios Domain Server Operators
sambaGroupType: 2
cn: Operadores de Servidor
sambaSID: S-1-5-21-2056510298-3027076148-852687323-549
displayName: Operadores de Servidor

dn: cn=Operadores de Impresion,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
description: Netbios Domain Print Operators
sambaGroupType: 2
cn: Operadores de Impresion
sambaSID: S-1-5-21-2056510298-3027076148-852687323-550
displayName: Operadores de Impresion

dn: cn=Operadores de Copia de Seguridad,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
description: Netbios Domain Members can bypass file security to back up files
 
sambaGroupType: 2
cn: Operadores de Copia de Seguridad
sambaSID: S-1-5-21-2056510298-3027076148-852687323-551
displayName: Operadores de Copia de Seguridad

dn: cn=Replicador,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
description: Netbios Domain Supports file replication in a sambaDomainName
sambaGroupType: 2
cn: Replicador
displayName: Replicador
sambaSID: S-1-5-21-2056510298-3027076148-852687323-552

dn: cn=maquinas,ou=Groups,o=senado.es
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 553
sambaGroupType: 2
displayName: Maquinas del Dominio
sambaSID: S-1-5-21-2056510298-3027076148-852687323-553
cn: maquinas
description: Cuentas de maquinas del dominio NetBios

dn: sambaDomainName=TEST,o=senado.es
sambaDomainName: TEST
sambaSID: S-1-5-21

Re: [Samba] Using the same LDAP entry for posixAccount and sambaSamAccount with smbldap

2004-02-19 Thread Carlos García Recio
Here we go again!

On Thursday 19 February 2004 12:59, Carlos García Recio wrote:
 Here we go!

 On Thursday 19 February 2004 12:39, Jérôme Tournier wrote:
  On Thu, Feb 19, 2004 at 12:07:49PM +0100, Carlos García Recio wrote:
   samba 3.0.2
   smbldap-tools 0.8.4
   RH 9
   nss_ldap configured
   pam_ldap NOT configured
   LDAP passwd backend
   winxp pro domain member
 
  Can you also send us your smbldap-tools configuration files, and also
  samba and openldap (?) one ?
  thx
  --
  Jérôme

# /etc/nsswitch.conf
passwd: files ldap
shadow: files
group:  files ldap


# /etc/samba/smb.conf
[global]
log level = 1 passdb:5 auth:5 winbind:10
# NetBIOS name of the machine and domain
netbios name = testPDC
workgroup = test

# Account backend definition
passdb backend = ldapsam:ldap://localhost:389
ldap admin dn = cn=Manager,o=senado.es
ldap ssl = off
; When I delete a domain user I only want to
; delete its samba attributes, without removing
; the ldap entry.
ldap suffix = o=senado.es
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))


add user script = /usr/local/sbin/smbldap-useradd %u
ldap delete dn = no
#delete user script = /usr/local/sbin/smbldap-userdel %u
add machine script = /usr/local/sbin/smbldap-useradd -w %u
add group script = /usr/local/sbin/smbldap-groupadd -p %g
#delete group script = /usr/local/sbin/smbldap-groupdel %g
add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u


# UID/GID mapping on the domain's UNIX machines
idmap backend = ldap:ldap://localhost:389
ldap idmap suffix = ou=Idmap
; Try to synchronize the ldap password with the NT password
ldap passwd sync = no
;username map = /etc/samba/smbusers

# PDC role
security = user
encrypt passwords = yes
os level = 255
preferred master = yes
domain master = yes
local master = yes
wins support = yes
domain logons = yes

# Make the profiles local
logon path = 
logon home = 
logon drive = 
logon script = 

# Share required for users to log on to the domain
[netlogon]
path = /home/samba/netlogon
read only = yes


# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema

#
# SAMBA #
#
include /usr/share/doc/samba-3.0.2a/examples/LDAP/samba.schema


# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral   ldap://root.openldap.org

#pidfile    //var/run/slapd.pid
#argsfile   //var/run/slapd.args

# Create a replication log in /var/lib/ldap for use by slurpd.
#replogfile /var/lib/ldap/master-slapd.replog

# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

#
# The next three lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running make slapd.pem, and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
#
# Sample Access Control
#   Allow read access of root DSE
#   Allow self write access
#   Allow authenticated users read access
#   Allow anonymous users to authenticate
#
#access to *
#   by self write
#   by users read
#   by anonymous auth
#
# if no access controls are present, the default is:
#   Allow read by all
#
# rootdn can always write!

###
# ldbm database definitions
###

loglevel 256

database ldbm
#suffix dc=my-domain,dc=com
suffix  o=senado.es
rootdn  cn=Manager,o=senado.es
#rootdn cn=Manager,dc=example,dc=com
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw  secret
# rootpw
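
Added example (not part of the original thread, and not code from Samba or smbldap-tools): a small audit of the three settings the posted smb.conf and slapd.conf leave weak: `ldap ssl = off`, a cleartext `rootpw`, and no `access` directive, which by the file's own comment means read by all and so covers the sambaLMPassword/sambaNTPassword hashes in the posted LDIF. The config excerpts are constructed from the posted files; SLAPD_FIXED, its placeholder hash and the function names are assumptions.

```python
import re
# Constructed excerpts, reduced from the smb.conf and slapd.conf posted above.
SMB_CONF = """[global]
passdb backend = ldapsam:ldap://localhost:389
ldap ssl = off
"""
SLAPD_CONF = """#access to *
database ldbm
rootpw  secret
"""
# Assumed corrected slapd.conf: hashed rootpw (placeholder) and an ACL on the
# password attributes. Keyword is attr= on 2.0-era slapd, attrs= on later ones.
SLAPD_FIXED = """rootpw  {SSHA}PLACEHOLDER_FROM_SLAPPASSWD
access to attr=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by anonymous auth
    by * none
access to * by * read
"""

def smb_settings(text):
    """smb.conf: 'key = value'; keys ignore case and repeated spaces."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;[" and "=" in line:
            key, value = line.split("=", 1)
            out[" ".join(key.lower().split())] = value.strip()
    return out

def slapd_directives(text):
    """slapd.conf: keyword then arguments; indented lines continue a directive."""
    rows = [l.split(None, 1) for l in text.splitlines()
            if l.strip() and l[0] not in "# \t"]
    return [(r[0].lower(), r[1].strip() if len(r) > 1 else "") for r in rows]

def audit(smb_text, slapd_text):
    findings = []
    smb = smb_settings(smb_text)
    host = re.match(r"ldapsam:ldap://([^:/\s]+)", smb.get("passdb backend", ""))
    if host and smb.get("ldap ssl", "").lower() == "off":
        scope = "loopback" if host.group(1) in ("localhost", "127.0.0.1") else "network"
        findings.append(("ldap ssl", "bind password and hashes sent in clear over " + scope))
    slapd = slapd_directives(slapd_text)
    if any(k == "rootpw" and not re.match(r"\{[\w-]+\}", v) for k, v in slapd):
        findings.append(("rootpw", "cleartext rootdn password; use a slappasswd hash"))
    if not any(k == "access" for k, _ in slapd):
        findings.append(("access", "no ACL: default read exposes sambaLMPassword/sambaNTPassword"))
    return findings
```

audit(SMB_CONF, SLAPD_CONF) reports all three settings; with `ldap ssl = start_tls` and SLAPD_FIXED it reports none.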