Bug 677 - Smbpasswd mapping to old schema?
Smbpasswd mapping to old schema?
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
All Solaris
: P3 regression
: none
Assigned To: Samba Bugzilla Account
Depends on:
  Show dependency treegraph
Reported: 2003-10-23 22:35 UTC by Ant Middle
Modified: 2005-11-14 09:27 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Ant Middle 2003-10-23 22:35:29 UTC
I was trying to add a new user via smbpasswd with the command:

./smbpasswd -a test

And I revieved the following response:

New SMB password:
Retype new SMB password:
ldapsam_modify_entry: Failed to add user dn= 
uid=test,o=grape,dc=dummy,dc=mydom with: Undefined attribute type
        rid: attribute type undefined
ldapsam_add_sam_account: failed to modify/add user with uid = test (dn = 
Failed to add entry for user test.
Failed to modify password entry for user test

The rid: attribute not defined is the part that I find interesting as that 
attribute doesn't exist in your 3.0.0 schema?
Comment 1 Ant Middle 2003-10-24 01:35:32 UTC
In fact it would seem that most of the code is using the old samba schema: I 
got this from pdbedit:

smbldap_search_suffix: searching for:[(&(&(uid=*)(objectclass=sambaSamAccount))

The objectclass sambaAccount seems to be built in and even if I define 
sambaSamAccount it will not over ride the built in search.
Comment 2 Ant Middle 2003-10-27 21:57:09 UTC
Ok, I have got this semi worked out, it seems that I needed to set up the 
password backend. However it seems strange that the new version would default 
to ldap_compat rather than use the new schema, so I think this is still a bug. 
Also the search string seems incorrect. (&(uid=%u)
(objectType=sambaSamAccount)) does not return any values even when I use ldap 
tools to query the server. (&(objectType=sambaSamAccount)) returns all the 
accounts but when I use the full search string nothing, which mean that I can 
not update passwords or modify accounts or even connect to the accounts 
through windows. Howver when I use pdbedit -L I get a listing of the accounts.
Comment 3 Gerald (Jerry) Carter 2003-10-29 14:29:43 UTC
You built with --with-ldapsam didn't you?  The sole purpose 
of that option to build in default compatibility with Samba 

Also check your indexs on the LDAP server.  You may 
need to rebuild them.  

These are configuration issues and not bugs per say.
Closing out.
Comment 4 Gerald (Jerry) Carter 2005-11-14 09:27:53 UTC
database cleanup