I was trying to add a new user via smbpasswd with the command:
./smbpasswd -a test
And I revieved the following response:
New SMB password:
Retype new SMB password:
ldapsam_modify_entry: Failed to add user dn=
uid=test,o=grape,dc=dummy,dc=mydom with: Undefined attribute type
rid: attribute type undefined
ldapsam_add_sam_account: failed to modify/add user with uid = test (dn =
Failed to add entry for user test.
Failed to modify password entry for user test
The rid: attribute not defined is the part that I find interesting as that
attribute doesn't exist in your 3.0.0 schema?
In fact it would seem that most of the code is using the old samba schema: I
got this from pdbedit:
smbldap_search_suffix: searching for:[(&(&(uid=*)(objectclass=sambaSamAccount))
The objectclass sambaAccount seems to be built in and even if I define
sambaSamAccount it will not over ride the built in search.
Ok, I have got this semi worked out, it seems that I needed to set up the
password backend. However it seems strange that the new version would default
to ldap_compat rather than use the new schema, so I think this is still a bug.
Also the search string seems incorrect. (&(uid=%u)
(objectType=sambaSamAccount)) does not return any values even when I use ldap
tools to query the server. (&(objectType=sambaSamAccount)) returns all the
accounts but when I use the full search string nothing, which mean that I can
not update passwords or modify accounts or even connect to the accounts
through windows. Howver when I use pdbedit -L I get a listing of the accounts.
You built with --with-ldapsam didn't you? The sole purpose
of that option to build in default compatibility with Samba
Also check your indexs on the LDAP server. You may
need to rebuild them.
These are configuration issues and not bugs per say.