Can not add user/macine accounts to Samba PDC if the "ldap idmap alloc" backend is used

Bug #240353 reported by Heiko on 2008-06-16
8
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: winbind

The winbind Package (3.0.28a) that Ubuntu 8.04 uses has a Bug,
so the LDAP idmap alloc Backend (ldapsam:trusted = yes, ldapsam:editposix = yes) is unusable.
I configured Samba as it is described on
http://wiki.samba.org/index.php/Ldapsam_Editposix
With 3.0.28a you get the Error "NT_STATUS_INVALID_PRIMARY_GROUP" if you try to add an User or Machine Account.
In the winbind log files you can see, that winbind fails to get the UID or GID of a SID. With the same configuration and Samba 3.0.30 all is fine
(I tried it with the Debian Lenny Packages). Karolin Seeger from Sernet GmbH confirmed that this was a Bug in 3.0.28a.

I think that should be fixed in Ubuntu 8.04 especially that this Version is a LTS-Version.
With this Bug it is only possible to set up a PDC when the old smbldap-tools method is used.

Chuck Short (zulcss) on 2008-06-16
Changed in samba:
status: New → Incomplete
Chuck Short (zulcss) wrote :

Hi,

Do you have a reference to this fix?

Thanks
chuck

Chuck Short (zulcss) wrote :

Hi,

Can you try the version in my ppa: http://launchpad.net/~zulcss/+ppa ?

Thanks
chuck

Heiko (heiko-barg) wrote :

You mean "https://launchpad.net/~zulcss/+archive" ?

I tried it with your version (3.0.28a-1ubuntu4.2~ppa) but it doesn't solve the issue.
I get there also the "NT_STATUS_INVALID_PRIMARY_GROUP" error.

Sorry I've found no reference to the fix in the samba bugzilla. May be I used the wrong search terms?!

May be we can ask the Samba Developers, they should know more about the issue?!

Chuck Short (zulcss) wrote :

Can you send me your smb.conf I can be reached at <email address hidden>.

Thanks
chuck

Heiko (heiko-barg) wrote :

I attached the smb.conf. It is the simplest smb.conf to reproduce the issue.
With the same smb.conf samba 3.0.30 is running fine.

Chuck Short (zulcss) wrote :

Could you send me your log files as well?

Thanks
chuck

Gunnar Thielebein (lorem-ipsum) wrote :

I can confirm this bug.

With hardy 3.0.28a-1ubuntu4.4 winbind does not run properly.

Error message:
nsswitch/winbindd_util.c:trustdom_recv(229)
  Could not receive trustdoms

User accounts were correctly created via, "net sam provision" but "wbinfo -u" fails also adding user via "net user add" fails.

With samba-3.2.1 (sid backport) winbind/editposix runs apart of some minor issues.

Duane Hinnen (duanedesign) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue for you. Can you try with the latest Ubuntu release? Thanks in advance.

Duane Hinnen (duanedesign) wrote :

This bug was reported a while ago and there hasn't been any activity in it recently so we are closing this bug report. If you are still experiencing this bug with the latest release of Ubuntu please feel free to reopen this bug report. You can click on the current status, under the Status column, and change the Status back to "New". Thanks again and don't hesitate to submit bug reports in the future.

Changed in samba:
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments