smbldap-tools' "Failed to add entry for user"

March 2012.


smbldap-populate populated the LDAP server correctly, but I didn't seem to be able to add users.

server# smbpasswd -a testuser1
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=NETBIOSNAME))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
The LDAP server is successfully connected
New SMB password:
Retype new SMB password:
ldapsam_getsampwnam: Unable to locate user [testuser1] count=0
Warning: homedirectory /home/testuser1 already exist. Check manually
_samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -m testuser1' gave 0
Could not find user testuser1, add script did not work
Failed to add entry for user testuser1.

Here is what was added into the LDAP server:

dn: uid=testuser1,ou=people,dc=example,dc=net
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: posixAccount
objectclass: shadowAccount
objectclass: inetOrgPerson
cn: testuser1
gidnumber: 513
homedirectory: /home/testuser1
sn: testuser1
uid: testuser1
uidnumber: 1012
gecos: System User
givenname: testuser1
loginshell: /bin/sh
userpassword: {crypt}x

You can see that the NT fields (sambaSID, sambaNTPassword, etc.) are missing, i.e. that the command did not complete.

Retrying with more debugging output (-D 10) showed:

smbldap_search_ext: base => [dc=example,dc=net], filter => [(&(uid=testuser1)(objectclass=sambaSamAccount))], scope => [2]
ldapsam_getsampwnam: Unable to locate user [testuser1] count=0

This is normal;

what is not is:

Get_Pwnam_internals didn't find user [testuser1]!

What the problem was

nss_ldap was not working. Apparently, samba can not work with LDAP without it.

Maybe I'd have known this if I had read the manual.

You know that nss_ldap is working if you can see samba's group in your system:

mmnas# getent group
Domain Admins:*:512:root
Domain Users:*:513
Domain Guests:*:514
Domain Computers:*:515
Account Operators:*:548
Print Operators:*:550
Backup Operators:*:551