[Samba] Problem using smbldap-groupadd / net group add
in [Samba]
|
From: bibi21000 on 29 Dec 2009 07:50 Hello, I've got a problem using ldap support on my Ubuntu jaunty. Here are the versions : samba/jaunty uptodate 2:3.3.2-1ubuntu3.2 smbldap-tools/jaunty uptodate 0.9.4-1 First of all, smbldap-groupadd don't use the sambaNextRid to create a group, it compute it. Is this a normal way ? I've patch smbldap-groupadd to do this : - #$group_rid = 2*$_groupGidNumber+1001; + $group_rid=get_next_id($config{groupsdn},"sambaNextRID"); But that doesn't work :(( Here is the long story I can add a group using the command : sudo /usr/sbin/smbldap-groupadd -a titii Everything is fine : sambaSID in group is Ok (RID=1022) and sambaNextRID is updated in the data base (RID=1023) Now trying creating a group using the net command sudo net rpc group add titii2 -Uroot%******** <mailto:-Uroot%25Sx(a)14YUpm> Failed to add group 'titii2' with: Access is denied. But the group is created, and with the right rid : 1023 and sambaNextRID is updated in the data base (RID=1025). Here are the logs : [2009/12/26 15:11:25, 5] lib/smbldap.c:smbldap_search_ext(1205) smbldap_search_ext: base => [ou=Groups,dc=mrg], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=titii2)(cn=titii2)))], scope => [2] [2009/12/26 15:11:25, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2463) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=titii2)(cn=titii2))) [2009/12/26 15:11:25, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/12/26 15:11:25, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/12/26 15:11:25, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/12/26 15:11:25, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2009/12/26 15:11:25, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/12/26 15:11:25, 5] auth/token_util.c:debug_nt_user_token(522) NT user token: (NULL) [2009/12/26 15:11:25, 5] auth/token_util.c:debug_unix_user_token(548) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/12/26 15:11:26, 3] groupdb/mapping.c:smb_create_group(215) smb_create_group: Running the command `/usr/sbin/smbldap-groupadd -a "titii2"' gave 0 [2009/12/26 15:11:26, 2] lib/smbldap_util.c:smbldap_search_domain_info(277) smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=MRG2))] [2009/12/26 15:11:26, 5] lib/smbldap.c:smbldap_search_ext(1205) smbldap_search_ext: base => [dc=mrg], filter => [(&(objectClass=sambaDomain)(sambaDomainName=MRG2))], scope => [2] [2009/12/26 15:11:26, 5] lib/smbldap.c:smbldap_modify(1401) smbldap_modify: dn => [sambaDomainName=mrg2,dc=mrg] [2009/12/26 15:11:26, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1513) lookup_global_sam_rid: looking up RID 1025. [2009/12/26 15:11:26, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/12/26 15:11:26, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/12/26 15:11:26, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/12/26 15:11:26, 5] auth/token_util.c:debug_nt_user_token(522) NT user token: (NULL) [2009/12/26 15:11:26, 5] auth/token_util.c:debug_unix_user_token(548) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/12/26 15:11:26, 5] lib/smbldap.c:smbldap_search_ext(1205) smbldap_search_ext: base => [dc=mrg], filter => [(&(sambaSID=S-1-5-21-1705536441-4107131491-2133793258-1025)(objectclass=sambaSamAccount))], scope => [2] [2009/12/26 15:11:26, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1613) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-1705536441-4107131491-2133793258-1025] count=0 [2009/12/26 15:11:26, 5] lib/smbldap.c:smbldap_search_ext(1205) smbldap_search_ext: base => [ou=Groups,dc=mrg], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-1705536441-4107131491-2133793258-1025))], scope => [2] [2009/12/26 15:11:26, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2463) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-1705536441-4107131491-2133793258-1025)) [2009/12/26 15:11:26, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/12/26 15:11:26, 5] lib/smbldap.c:smbldap_search_ext(1205) smbldap_search_ext: base => [dc=mrg], filter => [(sambaSid=S-1-5-21-1705536441-4107131491-2133793258-1025)], scope => [2] [2009/12/26 15:11:26, 5] lib/smbldap.c:smbldap_search_ext(1205) smbldap_search_ext: base => [dc=mrg], filter => [(&(objectClass=posixGroup)(gidNumber=0))], scope => [2] [2009/12/26 15:11:26, 5] lib/smbldap.c:smbldap_modify(1401) smbldap_modify: dn => [cn=Domain Admins,ou=Groups,dc=mrg] [2009/12/26 15:11:26, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/12/26 15:11:26, 5] rpc_parse/parse_prs.c:prs_debug(88) 000000 smb_io_rpc_hdr hdr The sambaNextRID is updated 2 times (one by smbldap-tools and the other ? By samba ? In the logs, samba looks for a group with rid of 1025 wich cannot exist, because it will be the next created. In man smb.conf / add group script In that case the script must print the numeric gid of the created group on stdout. Try this option : add group script = /usr/sbin/smbldap-groupadd -a -p "%g" sudo net rpc group add titii3 -Uroot%*** <mailto:-Uroot%25Sx(a)14YUpm> Failed to add group 'titii3' with: Access is denied. But the group is created, and with the right rid : 1025 and sambaNextRID is updated in the data base (RID=1026). Here are the logs : [2009/12/26 15:23:23, 5] lib/smbldap.c:smbldap_search_ext(1205) smbldap_search_ext: base => [dc=mrg], filter => [(&(uid=titii3)(objectclass=sambaSamAccount))], scope => [2] [2009/12/26 15:23:23, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1519) ldapsam_getsampwnam: Unable to locate user [titii3] count=0 [2009/12/26 15:23:23, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/12/26 15:23:23, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2009/12/26 15:23:23, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 1 [2009/12/26 15:23:23, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2009/12/26 15:23:23, 5] auth/token_util.c:debug_nt_user_token(522) NT user token: (NULL) [2009/12/26 15:23:23, 5] auth/token_util.c:debug_unix_user_token(548) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/12/26 15:23:23, 5] lib/smbldap.c:smbldap_search_ext(1205) smbldap_search_ext: base => [ou=Groups,dc=mrg], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=titii3)(cn=titii3)))], scope => [2] [2009/12/26 15:23:23, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2463) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=titii3)(cn=titii3))) [2009/12/26 15:23:23, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/12/26 15:23:23, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/12/26 15:23:23, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/12/26 15:23:23, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2009/12/26 15:23:23, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/12/26 15:23:23, 5] auth/token_util.c:debug_nt_user_token(522) NT user token: (NULL) [2009/12/26 15:23:23, 5] auth/token_util.c:debug_unix_user_token(548) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/12/26 15:23:24, 3] groupdb/mapping.c:smb_create_group(215) smb_create_group: Running the command `/usr/sbin/smbldap-groupadd -a -p "titii3"' gave 0 [2009/12/26 15:23:24, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 .......... .......... [2009/12/26 15:23:24, 5] lib/util_sock.c:read_socket_with_timeout(928) read_socket_with_timeout: blocking read. EOF from client. [2009/12/26 15:23:24, 3] smbd/process.c:smbd_process(1952) receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting [2009/12/26 15:23:24, 5] lib/gencache.c:gencache_shutdown(93) Closing cache file [2009/12/26 15:23:24, 5] libsmb/namecache.c:namecache_shutdown(81) namecache_shutdown: netbios namecache closed successfully. [2009/12/26 15:23:24, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/12/26 15:23:24, 5] auth/token_util.c:debug_nt_user_token(522) NT user token: (NULL) [2009/12/26 15:23:24, 5] auth/token_util.c:debug_unix_user_token(548) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2009/12/26 15:23:24, 5] smbd/uid.c:change_to_root_user(318) change_to_root_user: now uid=(0,0) gid=(0,0) [2009/12/26 15:23:24, 3] smbd/connection.c:yield_connection(31) Yielding connection to [2009/12/26 15:23:24, 3] smbd/server.c:exit_server_common(964) Server exit (normal exit) What is the right way to use the add group script ? TIA PS :Sorry for my bad english -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: FW: tree connect failed: NT_STATUS_BAD_NETWORK_NAME Next: web client for samba |