Bug 3647 - sambaSID is not created with pdbedit nor smbldap-useradd
sambaSID is not created with pdbedit nor smbldap-useradd
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Other Linux
: P3 major
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2006-03-30 15:35 UTC by Carsten Schaub
Modified: 2006-04-01 13:45 UTC (History)
0 users

See Also:

Output of pdbedit -d 15 -a -m pcsxp1 (11.44 KB, text/plain)
2006-03-30 15:38 UTC, Carsten Schaub
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Carsten Schaub 2006-03-30 15:35:37 UTC
Hi *

I'm running Samba with an OpenLDAP backend.

PCS1:~ # smbclient -V
Version 3.0.21c-SerNet-SuSE

The problem arrise when a new workstation is created:

1. using smbldap-useradd -w pcsxp1
   this creates the DN is the expected place. But this DN has no sambaSamAcccount objectclass. The ppl from IDEALIX say that these will be created by samba. But Samba can not find the account without the sambaSamAccount objectclass.

2. using pdbedit -a -m pcsxp1
   this fails with the error
 ldapsam_modify_entry: Failed to add user dn= uid=pcsxp1$,ou=machines,dc=c-schaub,dc=de with: Object class violation
        object class 'sambaSamAccount' requires attribute 'sambaSID'
ldapsam_add_sam_account: failed to modify/add user with uid = pcsxp1$ (dn = uid=pcsxp1$,ou=machines,dc=c-schaub,dc=de)
Unable to add machine! (does it already exist?)

one prog should definetly set the 'sambaSID'. IMHO pdbedit should do.

Carsten Schaub
Comment 1 Carsten Schaub 2006-03-30 15:38:56 UTC
Created attachment 1828 [details]
Output of pdbedit -d 15 -a -m pcsxp1
Comment 2 Carsten Schaub 2006-04-01 13:45:52 UTC
After discussion with vl it leads to a misunderstanding of my ldap setup.
I wanted to have machine accounts only be as sambaSamAccount without the need of unix accounts. But this is not desirable.

It works if you create a unix uid which can be resolved by getpwent().
Actually it was a simple change to my ldap.conf to search the whole subtree.