adding a user via NT4 usrmgr is not possible as add user script isn't called as root. In this case /usr/sbin/ldapsmb is mode 0700... : [2006/08/26 17:30:36, 3] param/loadparm.c:do_section(3687) Processing section "[global]" doing parameter log level = 1 sh: /usr/sbin/ldapsmb: Permission denied [2006/08/26 18:16:23.662949, 0] passdb/pdb_interface.c:pdb_default_create_user(368) _samr_create_user: Running the command `/usr/sbin/ldapsmb -a -u "bjoern_jacke" -f -q' gave 126
Are you really using 3.0.21b? If yes, can you please retry with 3.0.23b? Thanks, Volker
yes, this is with 23b, too ;-)
same with delete user script: sh: /usr/sbin/ldapsmb: Permission denied [2006/08/26 18:16:23.662949, 0] passdb/pdb_interface.c:pdb_default_create_user(368) _samr_create_user: Running the command `/usr/sbin/ldapsmb -a -u "bjoern_jacke" -f -q' gave 126 [2006/08/26 18:51:46.364635, 0] lib/smbldap.c:smbldap_open(1009) smbldap_open: cannot access LDAP when not root..
it seems like this was caused by blown away privileges. But if users/groups, which don't have privileges or which are not admin users, then Samba should not try to call add/delete/... scripts at all and log insufficient privileges for that user/group instead.
Calling if the scripts regardless is a design decision to ensure backwards compatibility. Althought it is a debatable one. We should have a discussion on the tech list of whether we want to change this before applying any patches.
*** Bug 4054 has been marked as a duplicate of this bug. ***