Author Topic: can't create or edit users  (Read 2250 times)

a.chirkov

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
can't create or edit users
« on: July 22, 2021, 09:21:34 am »
Hi. I have Zentyal 6.2 as addition ad controller to windows server 2008r2.
Connects to the domain without errors, I see users in the web interface.
But then i try edit or create users I get the error:
Quote
There was an error updating LDAP: The request referenced an attribute that does not exist .<br/> Operation parameters:'modify [ \'add\', [ \'objectClass\', [ \'systemQuotas\' ] ] ] ' at /usr/share/perl5/EBox/Samba/LdapObject.pm line 433
In logs:
Quote
Command output: .
Exit value: 1 at root command set -e
rm -f '/var/lib/zentyal/conf/samba.keytab'
samba-tool domain exportkeytab '/var/lib/zentyal/conf/samba.keytab' --principal='ÐÑÑаÑоÑ@EP.LOC'
chown 'ebox:ebox' '/var/lib/zentyal/conf/samba.keytab'
chmod 400 '/var/lib/zentyal/conf/samba.keytab' failed.
Error output: GENSEC backend 'gssapi_spnego' registered
 GENSEC backend 'gssapi_krb5' registered
 GENSEC backend 'gssapi_krb5_sasl' registered
 GENSEC backend 'spnego' registered
 GENSEC backend 'schannel' registered
 GENSEC backend 'naclrpc_as_system' registered
 GENSEC backend 'sasl-EXTERNAL' registered
 GENSEC backend 'ntlmssp' registered
 GENSEC backend 'ntlmssp_resume_ccache' registered
 GENSEC backend 'http_basic' registered
 GENSEC backend 'http_ntlm' registered
 GENSEC backend 'krb5' registered
 GENSEC backend 'fake_gssapi_krb5' registered
 Export one principal to /var/lib/zentyal/conf/samba.keytab
 chown: cannot access '/var/lib/zentyal/conf/samba.keytab': No such file or directory

Command output: .
Exit value: 1 at /usr/share/perl5/EBox/Module/Service.pm line 971
EBox::Module::Service::restartService('EBox::Samba=HASH(0x561a5296b3d0)', 'restartModules', 1) called at /usr/share/perl5/EBox/Util/Init.pm line 121
eval {...} at /usr/share/perl5/EBox/Util/Init.pm line 119
EBox::Util::Init::moduleAction('samba', 'restartService', 'start') called at /usr/share/perl5/EBox/Util/Init.pm line 87
EBox::Util::Init::start at /usr/bin/zs line 35
main::main at /usr/bin/zs line 82
2021/07/22 11:55:42 INFO> Service.pm:965 EBox::Module::Service::restartService - Restarting service for module: webadmin
2021/07/22 11:55:45 INFO> Init.pm:90 EBox::Util::Init::start - Start modules finished
2021/07/22 11:55:49 INFO> SyncDaemon.pm:340 EBox::Samba::SyncDaemon::run - Samba sync daemon started
2021/07/22 11:56:06 ERROR> LdapObject.pm:433 EBox::Samba::LdapObject::save - There was an error updating LDAP: The request referenced an attribute that does not exist
Ok, based on this instruction https://wiki.samba.org/index.php/Keytab_Extraction created a keytab on the windows server and copied to  /var/lib/zentyal/conf/samba.keytab', but it didn't help and after restarting the service the keytab file was gone.
if i run command manualy:
Quote
user@zentyal:~$ sudo samba-tool domain exportkeytab '/var/lib/zentyal/conf/samba.keytab' --principal='ÐÑÑаÑоÑ@EP.LOC'
Quote
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Export one principal to /var/lib/zentyal/conf/samba.keytab
When i edit or create user from windows on zentyal controller - all work fine, in zentual log:
Quote
INFO> SyncDaemon.pm:125 EBox::Samba::SyncDaemon::checkUsers - Set user 'CN=test2,CN=Users,DC=EP,DC=LOC' uidNumber=65727
SyncDaemon.pm:131 EBox::Samba::SyncDaemon::checkUsers - Set user 'CN=test2,CN=Users,DC=EP,DC=LOC' gidNumber=2513

How do I fix this problem?
« Last Edit: July 22, 2021, 09:39:48 am by a.chirkov »

turalyon

  • Zen Warrior
  • ***
  • Posts: 204
  • Karma: +15/-0
    • View Profile
Re: can't create or edit users
« Reply #1 on: July 22, 2021, 12:11:25 pm »
Did you check the status of the internal database of Samba?

* https://wiki.samba.org/index.php/Dbcheck

a.chirkov

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: can't create or edit users
« Reply #2 on: July 22, 2021, 12:31:24 pm »
No errors:
Quote
root@zentyal:/home/user# samba-tool dbcheck --cross-ncs
Checking 3808 objects
Checked 3808 objects (0 errors)

a.chirkov

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: can't create or edit users
« Reply #3 on: July 27, 2021, 07:26:13 am »
up