Failed to add members to group

activedirectory
v7

(Luis Pinzon) #1

Adding an user to a group causes unable to find user, but the user exists.
I have 32 users and the error only occurs with 3 specific users.
the error continues after recreating those users
The username that can not be added to any group are: eventos, mantenimiento, contabilidadd-i

System version
NethServer release 7.4.1708 (Final)
Kernel release
3.10.0-693.11.1.el7.x86_64

/var/log/messages:
Jan 2 14:45:21 nethserver esmith::event[19774]: ERROR(exception): Failed to add members “eventos” to group “prueba-grupo” - Unable to find “eventos”. Operation cancelled.
Jan 2 14:45:21 nethserver esmith::event[19774]: File “/usr/lib64/python2.7/site-packages/samba/netcmd/group.py”, line 239, in run
Jan 2 14:45:21 nethserver esmith::event[19774]: add_members_operation=True)
Jan 2 14:45:21 nethserver esmith::event[19774]: File “/usr/lib64/python2.7/site-packages/samba/samdb.py”, line 274, in add_remove_group_members
Jan 2 14:45:21 nethserver esmith::event[19774]: raise Exception(‘Unable to find “%s”. Operation cancelled.’ % member)
Jan 2 14:45:21 nethserver esmith::event[19774]: [ERROR] Failed to update the members list of group prueba-grupo at /etc/e-smith/events/group-modify line 86, line 30.
Jan 2 14:45:21 nethserver esmith::event[19774]: Action: /etc/e-smith/events/group-modify/S40nethserver-dc-group-modify FAILED: 1 [0.684069]


(Markus Neuberger) #2

Hi @lapinzon,

Did you try other way round - add group to user?

What do they have in common and different to the working ones? Long names, special non-ascii chars in name? Does it work after a reboot (at least once) ?


(Luis Pinzon) #3

Yes, the error continues via group-members and and via member to groups.
The names are not special chars
The error continues after reboot


(Markus Neuberger) #4

Sorry, I couldn’t reproduce your error.

You may try to find differences of working users to non-working users in AD with phpldapadmin:

https://wiki.nethserver.org/doku.php?id=phpldapadmin

Found similar error and, as yours, not reproduceable:


(Giacomo Sanchietti) #5

You probably have some machine accounts with the same of the users.

You need to inspect the Samba container status:

net ads search -P objectClass=Computer

If you find something strange, you need to access the container and remove the machine accounts using samba-tool.

To have a shell inside the nsdc container:

systemd-run -M nsdc -t /bin/bash

(Luis Pinzon) #6

Giacomo, I think you are right. The three names that cause me the
problem are also machine names.
Next week I will rename the machines and I will confirm to you about the
solution.

Many thanks to You and to Markus


(Alessio Fattorini) #7

Good! Let us know so we can solve the topic :slight_smile:


(Luis Pinzon) #8

Giacomo was right. The three user names that could not be added to groups were also machine names.

I renamed the machines and now everything is fine.

Thanks a lot community


(Markus Neuberger) #9

You’re welcome!

If a topic is solved for you, please mark the right answer as solution, I suggest the post of @giacomo .

https://community.nethserver.org/t/howto-mark-a-topic-as-solved/1750

It will help others with the same problem to find a solution easily.