Bug 4055 - adding user via usrmgr not possible
adding user via usrmgr not possible
Status: RESOLVED LATER
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control
3.0.23b
Other Linux
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
: 4054 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-26 11:33 UTC by Björn Jacke
Modified: 2006-08-29 08:50 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Björn Jacke 2006-08-26 11:33:32 UTC
adding a user via NT4 usrmgr is not possible as add user script isn't called as root. In this case /usr/sbin/ldapsmb is mode 0700... :

[2006/08/26 17:30:36, 3] param/loadparm.c:do_section(3687)
  Processing section "[global]"
  doing parameter log level = 1
sh: /usr/sbin/ldapsmb: Permission denied
[2006/08/26 18:16:23.662949, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
  _samr_create_user: Running the command `/usr/sbin/ldapsmb -a -u "bjoern_jacke" -f -q' gave 126
Comment 1 Volker Lendecke 2006-08-26 11:38:09 UTC
Are you really using 3.0.21b? If yes, can you please retry with 3.0.23b?

Thanks,

Volker
Comment 2 Björn Jacke 2006-08-26 11:45:39 UTC
yes, this is with 23b, too ;-)
Comment 3 Björn Jacke 2006-08-26 11:52:47 UTC
same with delete user script:

sh: /usr/sbin/ldapsmb: Permission denied
[2006/08/26 18:16:23.662949, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
  _samr_create_user: Running the command `/usr/sbin/ldapsmb -a -u "bjoern_jacke" -f -q' gave 126
[2006/08/26 18:51:46.364635, 0] lib/smbldap.c:smbldap_open(1009)
  smbldap_open: cannot access LDAP when not root..
Comment 4 Björn Jacke 2006-08-27 15:31:46 UTC
it seems like this was caused by blown away privileges. But if users/groups, which don't have privileges or which are not admin users, then Samba should not try to call add/delete/... scripts at all and log insufficient privileges for that user/group instead.
Comment 5 Gerald (Jerry) Carter 2006-08-27 16:02:10 UTC
Calling if the scripts regardless is a design decision 
to ensure backwards compatibility.  Althought it is a debatable
one.  We should have a discussion on the tech list of whether
we want to change this before applying any patches.
Comment 6 Björn Jacke 2006-08-29 08:50:36 UTC
*** Bug 4054 has been marked as a duplicate of this bug. ***