Web lists-archives.com

Re: [Samba] add machine script not running




Le 15/11/2017 à 19:23, Andrew Bartlett via samba a écrit :
You have 'add machine script = /usr/local/bin/addworkstation.pl "%u"'
Try removing the double quotes.

There isn't doesn't see to be anything else really wrong with your
smb.conf.

G'Day Rowland,

While it is possible our parsing of the smb.conf has changed, I think
this is a red herring.

I've tried both with and without the quotes without difference


This is an upgrade issue, so we should be holding as many things
constant as possible, once we confirm things like the script has been
copied over correctly and is executing manually on the new host.

Assuming it is confirmed that the script does not execute at all, i
would just say this:

Yes, when running manually on the root shell, it executes correctly and create the machine account I need. Once I did it, I can join the machine to the domaine, samba will find the entry in LDAP and add the correct sambaSamAccount objectClass and related attributes.
Sadly the LDAP backend of the NT4/classic DC is not automatically
tested in our make test.  However I can't see any specific change in
our control flow here, we should still execute that script if the new
account is created over SAMR CreateUser2 with ACB_WSTRUST.

The account will still be created in LDAP even if ldapsam:editposix =
yes is not set,
Where is this part mentioned in the doc ? I can see anything regarding account creation in LDAP, except for this editposix directive. Everything else just mention the add machine script.
  it will just not be created with posix attributes.  If
that were set, we wouldn't run the script however.

That's what I understood from the doc, so I made sure editposix is not set.
As a point of debugging, is the 'add user script' script run instead?

Nop, also tried.

Now, the "funny" thing is that, it did work, something like 3 times in over 50 tries. It's not just the config because, once it worked, I removed the same workstation from the domain, removed the LDAP entry, made no configuration change, not service restart and tried again, without success. It might be related to some caching effect of sssd, I need to dig a bit deepper.

Regards, Daniel

--

Logo FWS

	*Daniel Berteaud*

FIREWALL-SERVICES SAS.
Société de Services en Logiciels Libres
Tel : 05 56 64 15 32 <tel:0556641532>
Matrix: @dani:fws.fr
/www.firewall-services.com/

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba