[Samba] renaming a computer fail on a samba domain using ldap backend - Samba

This is a discussion on [Samba] renaming a computer fail on a samba domain using ldap backend - Samba ; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I am trying to rename a computer on my samba domain but it fails telling me I hadn't rights to do it. Obviously, I use the same admin account (root) than the one ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: [Samba] renaming a computer fail on a samba domain using ldap backend

  1. [Samba] renaming a computer fail on a samba domain using ldap backend

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hello,

    I am trying to rename a computer on my samba domain but it fails telling me I hadn't rights to do it.
    Obviously, I use the same admin account (root) than the one which add this computer on the domain some seconds before.

    I am using samba 3.0.24 on Debian etch with a openldap SAM backend and smbldap-tools scripts using these conf params :
    ~~~~~~~~~~~~~~~~~~~~~~~~~~
    add user script = /usr/sbin/smbldap-useradd -c "Samba user account" -m -s /bin/false '%u'
    add machine script = /usr/sbin/smbldap-useradd -c "Samba computer account" -g 515 -w -s /bin/false '%u'
    add group script = /usr/sbin/smbldap-groupadd '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user script = /usr/sbin/smbldap-userdel '%u'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    So far, I can add a computer on a domain, but I can't rename it.

    I tried to rename the computer using smbldap-usermod before updating it in WinXP, but obviously, it fails telling me the user is
    unknown.

    The only way I found is to add a computer with the new name to the domain using smbldap-useradd, leaving the domain from WinXP,
    renaming it under WinXP, re-join the domain, then drop the old computer account.

    Here the content of log.root when I try to rename the computer (using "log file = /var/log/samba/log.%U" and log level = 3)
    http://pastebin.org/26701
    The ACCESS denied is at line 771 : "set_user_info_21: failed to rename account: NT_STATUS_ACCESS_DENIED"

    I could give a more verbose log file, but this one is pretty huge...

    So, where did I fail ?

    Do we can rename a computer on a samba domain ?

    Feel free to ask me anything more you need to help me

    - --
    Guillaume (ioguix) de Rorthais
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFH8mxOxWGfaAgowiIRApA7AJ9p/7m2G3wH/1YvR/0f9MkxNZ3DGACfZbOl
    e6Mz3mQS2bIS6yzJ++cu66A=
    =B3vK
    -----END PGP SIGNATURE-----
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] renaming a computer fail on a samba domain using ldap backend

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Replying to myself :

    Add the following conf line to smb.conf:
    rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'

    ioguix a écrit :
    > Hello,
    >
    > I am trying to rename a computer on my samba domain but it fails telling me I hadn't rights to do it.
    > Obviously, I use the same admin account (root) than the one which add this computer on the domain some seconds before.
    >
    > I am using samba 3.0.24 on Debian etch with a openldap SAM backend and smbldap-tools scripts using these conf params :
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~
    > add user script = /usr/sbin/smbldap-useradd -c "Samba user account" -m -s /bin/false '%u'
    > add machine script = /usr/sbin/smbldap-useradd -c "Samba computer account" -g 515 -w -s /bin/false '%u'
    > add group script = /usr/sbin/smbldap-groupadd '%g'
    > add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    > delete user script = /usr/sbin/smbldap-userdel '%u'
    > delete group script = /usr/sbin/smbldap-groupdel '%g'
    > delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    > set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~
    >
    > So far, I can add a computer on a domain, but I can't rename it.
    >
    > I tried to rename the computer using smbldap-usermod before updating it in WinXP, but obviously, it fails telling me the user is
    > unknown.
    >
    > The only way I found is to add a computer with the new name to the domain using smbldap-useradd, leaving the domain from WinXP,
    > renaming it under WinXP, re-join the domain, then drop the old computer account.
    >
    > Here the content of log.root when I try to rename the computer (using "log file = /var/log/samba/log.%U" and log level = 3)
    > http://pastebin.org/26701
    > The ACCESS denied is at line 771 : "set_user_info_21: failed to rename account: NT_STATUS_ACCESS_DENIED"
    >
    > I could give a more verbose log file, but this one is pretty huge...
    >
    > So, where did I fail ?
    >
    > Do we can rename a computer on a samba domain ?
    >
    > Feel free to ask me anything more you need to help me
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFH853fxWGfaAgowiIRAv69AJwKCpGF6nOgeTAqJPO+PT TFc89vSACfRXhi
    boB8PEzyPb1m8LHv15laWTc=
    =CgVf
    -----END PGP SIGNATURE-----
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] renaming a computer fail on a samba domain using ldap backend

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Replying to myself :

    Add the following conf line to smb.conf:
    rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'

    ioguix a écrit :
    > Hello,
    >
    > I am trying to rename a computer on my samba domain but it fails telling me I hadn't rights to do it.
    > Obviously, I use the same admin account (root) than the one which add this computer on the domain some seconds before.
    >
    > I am using samba 3.0.24 on Debian etch with a openldap SAM backend and smbldap-tools scripts using these conf params :
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~
    > add user script = /usr/sbin/smbldap-useradd -c "Samba user account" -m -s /bin/false '%u'
    > add machine script = /usr/sbin/smbldap-useradd -c "Samba computer account" -g 515 -w -s /bin/false '%u'
    > add group script = /usr/sbin/smbldap-groupadd '%g'
    > add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    > delete user script = /usr/sbin/smbldap-userdel '%u'
    > delete group script = /usr/sbin/smbldap-groupdel '%g'
    > delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    > set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~
    >
    > So far, I can add a computer on a domain, but I can't rename it.
    >
    > I tried to rename the computer using smbldap-usermod before updating it in WinXP, but obviously, it fails telling me the user is
    > unknown.
    >
    > The only way I found is to add a computer with the new name to the domain using smbldap-useradd, leaving the domain from WinXP,
    > renaming it under WinXP, re-join the domain, then drop the old computer account.
    >
    > Here the content of log.root when I try to rename the computer (using "log file = /var/log/samba/log.%U" and log level = 3)
    > http://pastebin.org/26701
    > The ACCESS denied is at line 771 : "set_user_info_21: failed to rename account: NT_STATUS_ACCESS_DENIED"
    >
    > I could give a more verbose log file, but this one is pretty huge...
    >
    > So, where did I fail ?
    >
    > Do we can rename a computer on a samba domain ?
    >
    > Feel free to ask me anything more you need to help me
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFH853fxWGfaAgowiIRAv69AJwKCpGF6nOgeTAqJPO+PT TFc89vSACfRXhi
    boB8PEzyPb1m8LHv15laWTc=
    =CgVf
    -----END PGP SIGNATURE-----
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread