smbldap-tools' "Failed to add entry for user"


March 2012.

Situation


smbldap-populate populated the LDAP server correctly, but I didn't seem to be able to add users.

server# smbpasswd -a testuser1
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=NETBIOSNAME))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
The LDAP server is successfully connected
New SMB password:
Retype new SMB password:
ldapsam_getsampwnam: Unable to locate user [testuser1] count=0
Warning: homedirectory /home/testuser1 already exist. Check manually
_samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -m testuser1' gave 0
Could not find user testuser1, add script did not work
Failed to add entry for user testuser1.

Here is what was added into the LDAP server:

dn: uid=testuser1,ou=people,dc=example,dc=net
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: posixAccount
objectclass: shadowAccount
objectclass: inetOrgPerson
cn: testuser1
gidnumber: 513
homedirectory: /home/testuser1
sn: testuser1
uid: testuser1
uidnumber: 1012
gecos: System User
givenname: testuser1
loginshell: /bin/sh
userpassword: {crypt}x

You can see that the NT fields (sambaSID, sambaNTPassword, etc.) are missing, i.e. that the command did not complete.

Retrying with more debugging output (-D 10) showed:

smbldap_search_ext: base => [dc=example,dc=net], filter => [(&(uid=testuser1)(objectclass=sambaSamAccount))], scope => [2]
ldapsam_getsampwnam: Unable to locate user [testuser1] count=0

This is normal; what is not is:

Get_Pwnam_internals didn't find user [testuser1]!

What the problem was


nss_ldap was not working. Apparently, Samba cannot work with LDAP without it.

Maybe I'd have known this if I had read the manual.

You know that nss_ldap is working if you can see Samba's groups in your system:

mmnas# getent group
[...]
Domain Admins:*:512:root
Domain Users:*:513
Domain Guests:*:514
Domain Computers:*:515
Administrators:*:544
Account Operators:*:548
Print Operators:*:550
Backup Operators:*:551
Replicators:*:552
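
The check above can be scripted. This is an added example, not part of the original note: it verifies that the passwd and group databases list an ldap source and that the domain groups and a given user resolve through NSS. The function names nss_has_ldap and missing_groups are made up here, and it assumes nss_ldap is enabled through the usual "ldap" source name in /etc/nsswitch.conf.

```shell
#!/bin/sh
# Added example: pre-flight check that NSS can see LDAP accounts before
# running `smbpasswd -a`. Function names are hypothetical.

# nss_has_ldap FILE DB
# Succeeds if database DB (e.g. passwd) lists the "ldap" source in the
# nsswitch.conf-style FILE. Comments are stripped before matching.
nss_has_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# missing_groups
# Reads `getent group` output on stdin and prints, one per line, the
# Samba domain groups (names taken from the listing above) that are absent.
missing_groups() {
    awk -F: '
        BEGIN { n = split("Domain Admins:Domain Users:Domain Guests:Domain Computers", want, ":") }
        { seen[$1] = 1 }
        END { for (i = 1; i <= n; i++) if (!(want[i] in seen)) print want[i] }
    '
}

# Run the checks only when a user name is given: sh nsscheck.sh testuser1
# The user's posixAccount entry must already be in LDAP, as testuser1's was.
if [ -n "${1:-}" ]; then
    user=$1
    for db in passwd group; do
        nss_has_ldap /etc/nsswitch.conf "$db" ||
            echo "nsswitch.conf: '$db' has no ldap source" >&2
    done
    m=$(getent group | missing_groups)
    [ -z "$m" ] || { echo "groups not visible through NSS:" $m >&2; exit 1; }
    getent passwd "$user" >/dev/null ||
        { echo "NSS cannot resolve $user; Samba will not find it either" >&2; exit 1; }
    echo "NSS resolves $user and the Samba domain groups"
fi
```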