Problem creating a user and setting a group in Samba AD

ibinetwork · December 23, 2016, 6:41pm

NethServer Version: 7 Rc3
Module: Samba AD

I have problem to create user and set group, log ==>

Dec 23 16:39:11 servidor esmith::event[10041]: Event: user-create rmelo Rafael Melo /usr/libexec/openssh/sftp-server
Dec 23 16:39:11 servidor esmith::event[10041]: User 'rmelo' created successfully
Dec 23 16:39:11 servidor esmith::event[10041]: Action: /etc/e-smith/events/user-create/S40nethserver-dc-user-create SUCCESS [0.56404]
Dec 23 16:39:12 servidor esmith::event[10041]: [NOTICE] clearing sssd cache for user rmelo@now.lan
Dec 23 16:39:12 servidor esmith::event[10041]: Action: /etc/e-smith/events/user-create/S90nethserver-sssd-clear-cache SUCCESS [0.13022]
Dec 23 16:39:12 servidor esmith::event[10041]: Event: user-create SUCCESS
Dec 23 16:39:13 servidor esmith::event[10096]: Event: group-modify ti rsantos rmelo
Dec 23 16:39:13 servidor esmith::event[10096]: expanding /etc/ufdbguard/ufdbGuard.conf
Dec 23 16:39:13 servidor dbus[1193]: [system] Activating via systemd: service name='org.freedesktop.timedate1' unit='dbus-org.freedesktop.timedate1.service'
Dec 23 16:39:13 servidor dbus-daemon: dbus[1193]: [system] Activating via systemd: service name='org.freedesktop.timedate1' unit='dbus-org.freedesktop.timedate1.service'
Dec 23 16:39:13 servidor systemd: Starting Time & Date Service...
Dec 23 16:39:13 servidor dbus[1193]: [system] Successfully activated service 'org.freedesktop.timedate1'
Dec 23 16:39:13 servidor dbus-daemon: dbus[1193]: [system] Successfully activated service 'org.freedesktop.timedate1'
Dec 23 16:39:13 servidor systemd: Started Time & Date Service.
Dec 23 16:39:13 servidor esmith::event[10096]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.358551]
Dec 23 16:39:14 servidor esmith::event[10096]: ERROR(exception): Failed to add members "rmelo" to group "ti" - Unable to find "rmelo". Operation cancelled.
Dec 23 16:39:14 servidor esmith::event[10096]:  File "/usr/lib64/python2.7/site-packages/samba/netcmd/group.py", line 227, in run
Dec 23 16:39:14 servidor esmith::event[10096]:    add_members_operation=True)
Dec 23 16:39:14 servidor esmith::event[10096]:  File "/usr/lib64/python2.7/site-packages/samba/samdb.py", line 274, in add_remove_group_members
Dec 23 16:39:14 servidor esmith::event[10096]:    raise Exception('Unable to find "%s". Operation cancelled.' % member)
Dec 23 16:39:14 servidor esmith::event[10096]: [ERROR] Failed to update the members list of group ti at /etc/e-smith/events/group-modify/S40nethserver-dc-group-modify line 86, <PS> line 1.
Dec 23 16:39:14 servidor esmith::event[10096]: Action: /etc/e-smith/events/group-modify/S40nethserver-dc-group-modify FAILED: 1 [1.062993]
Dec 23 16:39:14 servidor esmith::event[10096]: ufdb.service is not a native service, redirecting to /sbin/chkconfig.
Dec 23 16:39:14 servidor esmith::event[10096]: Executing /sbin/chkconfig ufdb off
Dec 23 16:39:14 servidor systemd: Reloading.
Dec 23 16:39:15 servidor esmith::event[10096]: [INFO] ufdb is disabled: skipped
Dec 23 16:39:15 servidor esmith::event[10096]: [INFO]
Dec 23 16:39:15 servidor esmith::event[10096]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [0.249616]
Dec 23 16:39:15 servidor esmith::event[10096]: [NOTICE] clearing sssd cache for group ti@now.lan
Dec 23 16:39:15 servidor esmith::event[10096]: Action: /etc/e-smith/events/group-modify/S90nethserver-sssd-clear-cache SUCCESS [0.156772]
Dec 23 16:39:15 servidor esmith::event[10096]: Event: group-modify FAILED
Dec 23 16:39:15 servidor esmith::event[10169]: Event: password-policy-update rmelo no
Dec 23 16:39:15 servidor esmith::event[10169]: [NOTICE] clearing sssd cache for user rmelo@now.lan
Dec 23 16:39:15 servidor esmith::event[10169]: Action: /etc/e-smith/events/password-policy-update/S10nethserver-sssd-clear-cache SUCCESS [0.130196]
Dec 23 16:39:16 servidor esmith::event[10169]: Expiry for user 'rmelo' disabled.
Dec 23 16:39:16 servidor esmith::event[10169]: Action: /etc/e-smith/events/password-policy-update/S30nethserver-dc-password-policy SUCCESS [0.688779]
Dec 23 16:39:16 servidor esmith::event[10169]: Event: password-policy-update SUCCESS

And existing users dont access shared folder, please help

davidep · December 23, 2016, 9:08pm

ibinetwork:

Dec 23 16:39:14 servidor esmith::event[10096]: ERROR(exception): Failed to add members “rmelo” to group “ti” - Unable to find “rmelo”. Operation cancelled.
Dec 23 16:39:14 servidor esmith::event[10096]: File “/usr/lib64/python2.7/site-packages/samba/netcmd/group.py”, line 227, in run
Dec 23 16:39:14 servidor esmith::event[10096]: add_members_operation=True)
Dec 23 16:39:14 servidor esmith::event[10096]: File “/usr/lib64/python2.7/site-packages/samba/samdb.py”, line 274, in add_remove_group_members
Dec 23 16:39:14 servidor esmith::event[10096]: raise Exception(‘Unable to find “%s”. Operation cancelled.’ % member)
Dec 23 16:39:14 servidor esmith::event[10096]: [ERROR] Failed to update the members list of group ti at /etc/e-smith/events/group-modify/S40nethserver-dc-group-modify line 86, <PS> line 1.

The group “ti” has some problem… Can you see it under the Groups listings?

ibinetwork · December 23, 2016, 9:10pm

Yes, the ti group listing on group tab, and i create a new group named teste and this create with sucess but add this group to user rmelo, and get the same error

ibinetwork · December 23, 2016, 9:13pm

The problem is with the rmelo user, but i remove rmelo user and recreate, but the error persist. How to resolve? Help please

davidep · December 23, 2016, 9:23pm

The errors seem to come from samba-tool command…

ibinetwork · December 23, 2016, 9:27pm

All commands execute on interface web, only the logs i get on /var/log/messages and paste

ibinetwork · December 23, 2016, 9:28pm

I create a new user, and add a group to this user, and sucessul, the problem only on exiting users

davidep · December 23, 2016, 9:30pm

Could you paste the output of this command ?

account-provider-test dump

ibinetwork · December 23, 2016, 9:31pm

{ "startTls" : "", "bindUser" : "SERVIDOR$", "userDN" : "dc=now,dc=lan", "port" : 636, "isAD" : "1", "host" : "now.lan", "groupDN" : "dc=now,dc=lan", "isLdap" : "", "ldapURI" : "ldaps://now.lan", "baseDN" : "dc=now,dc=lan", "bindPassword" : "7eGOA:G8$,baU[", "bindDN" : "NOW\\SERVIDOR$" }

davidep · December 23, 2016, 9:37pm

Other command:

 id rmelo

ibinetwork · December 23, 2016, 9:48pm

uid=1592401196(rmelo) gid=1592400513(domain users@now.lan) groups=1592400513(domain users@now.lan)

davidep · December 23, 2016, 9:54pm

Rather puzzling… Who can reproduce it @quality_team ? If it is reproducible it is a #bug!

ibinetwork · December 23, 2016, 9:55pm

Ok Thanks for help, other problem, any user dont have access to shared folders, the ACL and permissions is correct but dont have access

davidep · December 23, 2016, 9:59pm

Probably it is related to the other one!

ibinetwork · December 23, 2016, 10:00pm

You recommend to open a new topic?

davidep · December 23, 2016, 10:02pm

No, as you see from the last command rmelo is not member of ti. That means he cannot access a share owned by group ti.

Now we didn’t still understand why rmelo wasn’t added to ti. That’s the main issue.

ibinetwork · December 23, 2016, 10:06pm

Others users have the same problem, others users its ok to a members of group, but no access shared folders with permission of group

Ex.:
User
dferreir ==> group transporte
Shared folder
transporte ==> acl transporte read write

and dferreir dont have acess

ibinetwork · December 23, 2016, 10:08pm

If add the user on ACL of shared folder, this access. but only add group, the user dont have access

dnutan · December 25, 2016, 12:51pm

I had a similar problem, only with the first created user.

Installed nethserver-dc
Configured nsdc bridge
Password set for admin and administrator
Created a test1 user: apparently OK
Created an office group, adding the test1 user in the same step: FAILED

At that time nethserver-sssd-1.1.0-1.ns7.noarch was in use.

Dec 17 22:46:30 test1 esmith::event[6589]: Event: user-create test1 test1 /bin/bash
Dec 17 22:46:30 test1 esmith::event[6589]: User 'test1' created successfully
Dec 17 22:46:30 test1 esmith::event[6589]: Action: /etc/e-smith/events/user-create/S40nethserver-dc-user-create SUCCESS [0.486847]
Dec 17 22:46:30 test1 esmith::event[6589]: [NOTICE] clearing sssd cache for user test1@local.neth.eu
Dec 17 22:46:30 test1 esmith::event[6589]: No cache object matched the specified search
Dec 17 22:46:30 test1 esmith::event[6589]: Action: /etc/e-smith/events/user-create/S90nethserver-sssd-clear-cache SUCCESS [0.034926]
Dec 17 22:46:30 test1 esmith::event[6589]: Event: user-create SUCCESS
Dec 17 22:46:30 test1 esmith::event[6627]: Event: password-policy-update test1 yes
Dec 17 22:46:30 test1 esmith::event[6627]: [NOTICE] clearing sssd cache for user test1@local.neth.eu
Dec 17 22:46:30 test1 esmith::event[6627]: No cache object matched the specified search
Dec 17 22:46:30 test1 esmith::event[6627]: Action: /etc/e-smith/events/password-policy-update/S10nethserver-sssd-clear-cache SUCCESS [0.016385]
Dec 17 22:46:31 test1 esmith::event[6627]: Expiry for user 'test1' set to 180 days.
Dec 17 22:46:31 test1 esmith::event[6627]: Action: /etc/e-smith/events/password-policy-update/S30nethserver-dc-password-policy SUCCESS [0.424192]
Dec 17 22:46:31 test1 esmith::event[6627]: Event: password-policy-update SUCCESS
Dec 17 22:46:31 test1 esmith::event[6651]: Event: password-modify test1@local.neth.eu /tmp/ng-eSBH1w
Dec 17 22:46:31 test1 esmith::event[6651]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.001991]
Dec 17 22:46:31 test1 esmith::event[6651]: spawn /usr/bin/systemd-run -M nsdc -q -t /usr/bin/samba-tool user setpassword test1
Dec 17 22:46:31 test1 esmith::event[6651]: New Password:
Dec 17 22:46:31 test1 esmith::event[6651]: Changed password OK
Dec 17 22:46:31 test1 esmith::event[6651]: Action: /etc/e-smith/events/password-modify/S30nethserver-dc-password-set SUCCESS [0.355891]
Dec 17 22:46:32 test1 esmith::event[6651]: Enabled user 'test1'
Dec 17 22:46:32 test1 esmith::event[6651]: Action: /etc/e-smith/events/password-modify/S40nethserver-dc-user-unlock SUCCESS [0.323793]
Dec 17 22:46:32 test1 esmith::event[6651]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [0.017601]
Dec 17 22:46:32 test1 esmith::event[6651]: Event: password-modify SUCCESS
Dec 17 22:46:47 test1 esmith::event[6849]: Event: group-create office test1
Dec 17 22:46:47 test1 esmith::event[6849]: Added group office
Dec 17 22:46:47 test1 esmith::event[6849]: ERROR(exception): Failed to add members "test1" to group "office" - Unable to find "test1". Operation cancelled.
Dec 17 22:46:47 test1 esmith::event[6849]:  File "/usr/lib64/python2.7/site-packages/samba/netcmd/group.py", line 227, in run
Dec 17 22:46:47 test1 esmith::event[6849]:    add_members_operation=True)
Dec 17 22:46:47 test1 esmith::event[6849]:  File "/usr/lib64/python2.7/site-packages/samba/samdb.py", line 274, in add_remove_group_members
Dec 17 22:46:47 test1 esmith::event[6849]:    raise Exception('Unable to find "%s". Operation cancelled.' % member)
Dec 17 22:46:47 test1 esmith::event[6849]: [ERROR] Failed to add members to group office
Dec 17 22:46:47 test1 esmith::event[6849]: Action: /etc/e-smith/events/group-create/S40nethserver-dc-group-create FAILED: 3 [0.640713]
Dec 17 22:46:47 test1 esmith::event[6849]: [NOTICE] clearing sssd cache for group office@local.neth.eu
Dec 17 22:46:48 test1 esmith::event[6849]: Action: /etc/e-smith/events/group-create/S90nethserver-sssd-clear-cache SUCCESS [0.242105]
Dec 17 22:46:48 test1 esmith::event[6849]: Event: group-create FAILED

Adding a group to an user:

Dec 17 22:54:37 test1 esmith::event[7508]: ERROR(exception): Failed to add members "test1" to group "office" - Unable to find "test1". Operation cancelled.
Dec 17 22:54:37 test1 esmith::event[7508]:  File "/usr/lib64/python2.7/site-packages/samba/netcmd/group.py", line 227, in run
Dec 17 22:54:37 test1 esmith::event[7508]:    add_members_operation=True)
Dec 17 22:54:37 test1 esmith::event[7508]:  File "/usr/lib64/python2.7/site-packages/samba/samdb.py", line 274, in add_remove_group_members
Dec 17 22:54:37 test1 esmith::event[7508]:    raise Exception('Unable to find "%s". Operation cancelled.' % member)
Dec 17 22:54:37 test1 esmith::event[7508]: [ERROR] Failed to update the members list of group office at /etc/e-smith/events/group-modify/S40nethserver-dc-group-modify line 86.
Dec 17 22:54:37 test1 esmith::event[7508]: Action: /etc/e-smith/events/group-modify/S40nethserver-dc-group-modify FAILED: 1 [0.64176]
Dec 17 22:54:37 test1 esmith::event[7508]: [NOTICE] clearing sssd cache for group office@local.neth.eu
Dec 17 22:54:38 test1 esmith::event[7508]: Action: /etc/e-smith/events/group-modify/S90nethserver-sssd-clear-cache SUCCESS [0.149664]
Dec 17 22:54:38 test1 esmith::event[7508]: Event: group-modify FAILED

Adding the user to the group:

Dec 25 13:21:27 test1 esmith::event[2307]: Event: group-modify office@local.neth.eu test1 admin
Dec 25 13:21:28 test1 esmith::event[2307]: ERROR(exception): Failed to add members "test1" to group "office" - Unable to find "test1". Operation cancelled.
Dec 25 13:21:28 test1 esmith::event[2307]:  File "/usr/lib64/python2.7/site-packages/samba/netcmd/group.py", line 227, in run
Dec 25 13:21:28 test1 esmith::event[2307]:    add_members_operation=True)
Dec 25 13:21:28 test1 esmith::event[2307]:  File "/usr/lib64/python2.7/site-packages/samba/samdb.py", line 274, in add_remove_group_members
Dec 25 13:21:29 test1 esmith::event[2307]:    raise Exception('Unable to find "%s". Operation cancelled.' % member)
Dec 25 13:21:29 test1 esmith::event[2307]: [ERROR] Failed to update the members list of group office at /etc/e-smith/events/group-modify/S40nethserver-dc-group-modify line 86, <PS> line 1.
Dec 25 13:21:29 test1 esmith::event[2307]: Action: /etc/e-smith/events/group-modify/S40nethserver-dc-group-modify FAILED: 1 [1.969198]
Dec 25 13:21:29 test1 esmith::event[2307]: [NOTICE] clearing sssd cache for group office@local.neth.eu
Dec 25 13:21:29 test1 esmith::event[2307]: Action: /etc/e-smith/events/group-modify/S90nethserver-sssd-clear-cache SUCCESS [0.251362]
Dec 25 13:21:29 test1 esmith::event[2307]: Event: group-modify FAILED

Following the same steps with a new install worked without problem.