samba-users May 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: [Samba] net sam/samba ldap: Failed to add user 'xxx

[Samba] net sam/samba ldap: Failed to add user 'xxx' with error: Group already exists.

From: Steven Enderle <steven.enderle_at_nospam>
Date: Tue May 18 2010 - 10:47:38 GMT


we are trying to set up Samba with LDAP Backend. Using the Samba
toolchain to add our existing users/groups, the net command seems to get
confused about what users and groups are, if both have the same name and
are used in the same context.

Here is what I tried:

-> Create the Domain Group
# net sam createdomaingroup duplicate -U Administrator%pwd
Created domain group duplicate with RID 1172

-> Create the User
# net rpc user add duplicate -U Administrator%pwd
Failed to add user 'duplicate' with error: Group already exists.

Other way around, adding first user then group, similar result:

-> Create the User
# net rpc user add duplicate2 -U Administrator%pwd
Added user 'duplicate2'.

-> Create the Domain Group
# net sam createdomaingroup duplicate2 -U Administrator%pwd
Created domain group duplicate2 with RID 1174

-> Add new User to Group
# net sam addmem duplicate2 duplicate2 -U Administrator%pwd
Can only add members to local groups so far, duplicate2 is a User

Samba seems to fail at differentiating groups and users of same name.

1) Is there a way to tell samba/net to add the user duplicate to group

2) Is there a dirty workaround that will get us running anyway?

3) What is the background that causes this problem? Is there something I
am missing?

Thanks for your help in advance.

samba version: 3.5.2-SerNet-Debian
smb.conf used:

server string = QNAP NAS
announce version = 5.1
workgroup = <hidden>
password server = localhost
disable netbios = yes
wins support = no
smb ports = 445
domain logons = no
domain master = no
local master = no
preferred master = no
template homedir = /home/%U
template shell = /bin/bash
os level = 65
winbind use default domain = yes
log level = 3
max log size = 2000
debug timestamp = yes
interfaces = lo eth0
bind interfaces only = true
hostname lookups = yes
log file = /var/log/samba/smbd.%m
passdb backend = ldapsam:ldap://localhost
encrypt passwords = yes
ldapsam:trusted = yes
ldapsam:editposix = yes
ldap admin dn = <hidden>
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap passwd sync = Yes
ldap suffix = <hidden>
ldap delete dn = Yes
ldap ssl = Off
idmap config <hidden>:default = yes
idmap config <hidden>:backend = ldap
idmap config <hidden>:ldap_base_dn = ou=idmap,<hidden>
idmap config <hidden>:ldap_user_dn = <hidden>
idmap config ER.EMPIC.DE:ldap_url = ldap://localhost
idmap config ER.EMPIC.DE:range = 10000 - 500000
idmap alloc backend = ldap
idmap alloc config : ldap_base_dn = ou=idmap,<hidden>
idmap alloc config : ldap_user_dn = <hidden>
idmap alloc config : ldap_url = ldap://localhost
idmap uid = 10000 - 500000
idmap gid = 10000 - 500000
comment = My Share
path = /export
browseable = yes
public = yes
writable = yes
printable = no
create mask = 0765
EMPIC-EAP - *The* Standard Software for Aviation Authorities

This communication contains information which is confidential and may also be privileged. It is for the
exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any
distribution, copying or use of this communication or the information in it is strictly prohibited. If you have
received this communication in error please notify us immediately by email or by telephone and then delete
this email and any copies of it.
Diese E-Mail koennte vertrauliche und/oder rechtlich geschuetzte Informationen enthalten. Wenn Sie nicht
der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den
Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser
Mail sind nicht gestattet.


-- To unsubscribe from this list go to the following URL and read the instructions: