Bug 6314 - net rpc user add , inconsistent behaviour with ldapsam:editposix
Summary: net rpc user add , inconsistent behaviour with ldapsam:editposix
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.4
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: unspecified
Hardware: Other Linux
: P3 normal
Target Milestone: ---
Assignee: Simo Sorce
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-05-01 11:11 UTC by David Markey
Modified: 2009-06-17 05:44 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description David Markey 2009-05-01 11:11:33 UTC
Config: http://dmarkey.com/~dmarkey/samba3.4pre1/smbpasswd/smb.conf


debian5:/var/log# net rpc user add david2 password -U administrator%password
Failed to add user 'david2' with: WERR_GENERAL_FAILURE.

log: http://dmarkey.com/~dmarkey/samba3.4pre1/net/samba-WERR_GENERAL_FAILURE



debian5:/var/log# net rpc user add david2 password -U administrator%password
Failed to add user 'david2' with: DOS code 0x0000051c.


log: http://dmarkey.com/~dmarkey/samba3.4pre1/net/samba-DOS


debian5:/var/log# net rpc user add david2 password -U administrator%password
Failed to add user 'david2' with: DOS code 0x00000026.
debian5:/var/log# net rpc user add david2 password -U administrator%password
Failed to add user 'david2' with: User already exists.

log: http://dmarkey.com/~dmarkey/samba3.4pre1/net/samba-success

At this point the user gets added :
debian5:/var/log# getent passwd david2
david2:*:1000008:1000002:david2:/home/SAMBATEST/david2:/bin/false
Comment 1 Guenther Deschner 2009-05-05 12:29:22 UTC
Ok, there is a crash bug in smbd (patch to follow) and then you have this problem in your LDAP server:

[2009/05/05 17:13:10,  5] lib/smbldap.c:1205(smbldap_search_ext)
  smbldap_search_ext: base => [dc=samba,dc=org], filter => [(&(sambaSid=S-1-5-21-3658353372-1529503655-518646015-513)(|(objectClass=sambaGroupMapping)(objectClass=sambaSamAccount)))], scope => [2]
[2009/05/05 17:13:10, 10] passdb/pdb_ldap.c:4894(ldapsam_sid_to_id)
  Got 2 entries, expected one
Comment 2 Guenther Deschner 2009-05-05 15:03:02 UTC
(In reply to comment #1)
> Ok, there is a crash bug in smbd (patch to follow)

The patch has been pushed to git repositories and is available also in bug #6314. 
Comment 3 Guenther Deschner 2009-05-05 15:03:47 UTC
(In reply to comment #2)
> (In reply to comment #1)
> > Ok, there is a crash bug in smbd (patch to follow)
> 
> The patch has been pushed to git repositories and is available also in bug
> #6314. 

bug #6313 that is.
Comment 4 David Markey 2009-05-06 05:17:16 UTC
I'm still getting inconsistency with this.

If I try to use the Administrator user, 10% of attempts succeed. When I grant the administrator full rights it succeeds 100%.

When the Administrstor doesnt have the rights granted, there should be consistent results, one way or the other.
 
Comment 5 Simo Sorce 2009-05-30 10:39:51 UTC
David,
any news on this ?
Comment 6 David Markey 2009-05-30 16:29:56 UTC
Its fixed in master, and 3.4-test.

The way it works now is that administrator has to be explicitly given SeAddUsersPrivilege, in order to be able to add users.
Comment 7 Guenther Deschner 2009-06-17 05:44:19 UTC
This has been resolved for 3.4

Thanks so much for testing!