Created attachment 7479
samba-tool group addmembers clients test2 -d10

"samba-tool group addmember/removemember" doesn't work for some users, but "net rpc group addmem" works nicely for all.

Version 4.0.0alpha20-GIT-ee26421
'net' utility from s4
domain upgraded from s3

First of all: I get no errors when I try to add/del nonexistent users to/from group via 'samba-tool group':

# samba-tool group addmembers somegroup nonexistent-blabla-user
Added members to group somegroup

Next, here is what I have in the domain:
'clients' group with no members
10 users with names bak,test,test2,..,test9
'bak','test' existed before migration to s4
'test2' created via samba-tool
other test* created via samba-tool or dsa.msc

Group membership changing via samba-tool works for all these users except 'bak','test2'. For bak,test2 I see no errors, but a deceptive message "Added members to group clients". This is permanent - changing group gives no effect.

'net rpc' and dsa.msc work fine for all without exception.

After a quick look at all these accounts, I cannot see any fundamental difference between good and bad accounts. The only visible thing is that bad users 'adding' finishes much quicker than good.

Some info is in attachments. If more information is needed - I have another migrated domain with exactly the same symptoms.

Thanks.

P.S. It would be nice to have samba-tool command similar to 'net rpc group members'

Created attachment 7480: samba-tool group addmembers clients test3 -d10
Created attachment 7481: ldbsearch -b cn=test2 --show-binary
Created attachment 7482: ldbsearch -b cn=test3 --show-binary
Created attachment 7483: ldbsearch -b cn=clients --show-binary
Created attachment 7484: ldbsearch -b cn=bak --show-binary
This particular function has been implemented by commit http://gitweb.samba.org/samba.git/?p=samba.git;a=commitdiff;h=9cd664b2e9a01570d4beaf3dfc9e3f93b9370e63.

(In reply to comment #0)
> P.S. It would be nice to have samba-tool command similar to 'net rpc group
> members'

(In reply to comment #6)
> This particular function has been implemented by commit
> http://gitweb.samba.org/samba.git/?p=samba.git;a=commitdiff;h=9cd664b2e9a01570d4beaf3dfc9e3f93b9370e63.

That seems to work, thanks, samba-tool becomes more and more usable.
Maybe it's time to make the same for users - listgroups or similar...

Thanks for your status update. Closing it as FIXED.
(In reply to comment #8)
> Thanks for your status update. Closing it as FIXED.

I'm sorry, maybe the status was updated by my mistake, but I don't think it's fixed. All problems I've described still exist.

Even more, I've just found another problem with this new 'listmembers' subcommand: like 'addmembers', it doesn't show any error with nonexistent groups:

# samba-tool group listmembers nonexistentgroup
#

Hi Sergey,

I have posted some patches (to samba-technical) that should solve most of the issues raised here. I was not able to replicate your problem (due to the lack of migrated s3 domain setup) with accounts obtained through s3 migration, but hopefully new exception handling will help pinpoint the issue better.

Amitay, could you please have a look at Lukasz' patches ([PATCHES] Make add_remove_group_members a private helper function and partial fixes for Bug #8891)? I think they have not been merged yet.
(In reply to comment #10)
> Hi Sergey,
> I have posted some patches (to samba-technical) that should solve most of the
> issues raised here. I was not able to replicate your problem (due to the lack
> of migrated s3 domain setup) with accounts obtained through s3 migration, but
> hopefully new exception handling will help pinpoint the issue better

Hi Lukasz,

Tried your patches with the latest master snapshot, here are results:

1. addmembers,removemembers,listmembers exceptions about nonexistent users/groups seem to work fine. Would be cool to see it in the master. Thanks!

2. now adding 'bad' user to a group gives an exception:

# samba-tool group addmembers clients bak
ERROR(exception): Failed to add members "bak" to group "clients" - Unable to find DN for account "bak"
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/group.py", line 210, in run
    samdb.add_group_members(groupname, groupmembers)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/samdb.py", line 236, in add_group_members
    self._add_remove_group_members(groupname, members, True)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/samdb.py", line 277, in _add_remove_group_members
    raise Exception('Unable to find DN for account "%s"' % member)

I do have this user in the db.

# samba-tool user list |grep ^bak$
bak

ldb dump of this user is in the attachment I've already posted. If any additional information is needed, please ask.

Hi Sergey,

I have modified one of the tests (blackbox_s3upgrade.sh) to run samba-tool group addmembers after the upgrade has been performed, but cannot for love nor money replicate the issue you are experiencing.

Does samba-tool dbcheck report any errors?

(In reply to comment #13)
> Hi Sergey,
> I have modified one of the tests (blackbox_s3upgrade.sh) to run samba-tool
> group addmembers after the upgrade has been performed, but cannot for love nor
> money replicate the issue you are experiencing.
> Does samba-tool dbcheck report any errors?

Hi Lukasz,

the thing is that a newly created user via samba-tool after upgrade can randomly become bad (I've got at least one). I sent you a message with samba tdbs and smb.conf of one affected domain and instructions on how to replicate the issue. Hope it helps you to find the bug.