Fabien Chevalier
2003-Oct-09 18:46 UTC
[Samba] ldapsam_compat & net rpc user issue (maybe BUG?)
Hi all,

I'm sorry I have to complain about something that seems to go wrong with Samba. I'm a long-time satisfied Samba 2 user and I have to switch to 3.0.

I'm using Samba 3.0.0 on a test Debian machine with pre-built packages from Debian. It comes with OpenLDAP 2.1.22. I've tested Samba 3.0 as a PDC for WinXP machines... and it works great! :-) But I am facing an issue I can't solve alone, despite hours of reading :-(.

I have to use ldapsam_compat on my system to be able to use Directory Administrator.
The following users are created on LDAP: toto, zzAdmin, fchevalier
I also use tdbsam with the following users: toto3, toto4, toto5, root.

My setup seems to work:
- I can connect to home shares of my LDAP & tdb users. The authentication goes right.
- But when I run net rpc user, I get the following:

    dc-sorral-05:~# net rpc user -Utoto
    Password:
    toto3
    toto4
    root
    toto5

I got authenticated through my LDAP 'toto' user but it is not in the list!!! My LDAP users are not listed!

With debug level 2 I got in my logs:

    [2003/10/09 18:00:52, 2] lib/smbldap.c:smbldap_search_suffix(1066)
      smbldap_search_suffix: searching for:[(&(uid=*)(objectclass=sambaAccount))]
    [2003/10/09 18:00:52, 2] passdb/pdb_ldap.c:ldapsam_setsampwent(948)
      ldapsam_setsampwent: 3 entries in the base!
    [2003/10/09 18:00:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(460)
      init_sam_from_ldap: Entry found for user: toto
    [2003/10/09 18:00:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(460)
      init_sam_from_ldap: Entry found for user: zzAdmin
    [2003/10/09 18:00:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(460)
      init_sam_from_ldap: Entry found for user: fchevalier

So it seems Samba is able to retrieve them from LDAP.

Has anybody got this same trouble? Have I missed something in the doc (RTFM, RTFM...)?

Cheers,
Fabien Chevalier

PS - Here is my smb.conf

    #======================= Global Settings ======================

    [global]
    unix charset = ISO8859-1
    nt acl support = yes

    ## Browsing/Identification ###
    workgroup = DC-SORRAL
    netbios name = STR-DON-01
    domain master = yes
    domain logons = yes

    # server string is the equivalent of the NT Description field
    server string = Serveur de Fichiers micro-informatique Sorral

    # LDAP support
    ldap admin dn = cn=admin,dc=sorral,dc=duferco-coating,dc=com
    ldap ssl = off
    ldap suffix = dc=sorral,dc=duferco-coating,dc=com
    ldap user suffix = ou=People
    ldap group suffix = ou=Group
    ldap passwd sync = true

    # Windows Internet Name Serving Support Section:
    # WINS Support - Tells the NMBD component of Samba to enable its WINS Server
    wins support = yes

    # This will prevent nmbd to search for NetBIOS names through DNS.
    dns proxy = no

    # What naming service and in what order should we use to resolve host names
    # to IP addresses
    ; name resolve order = lmhosts host wins bcast

    # Needed by NT PDC support
    add machine script = /usr/sbin/useradd -d /dev/null -g nogroup -c 'Machine account' -s /bin/false %u

    #Logon settings
    logon home = \\%L\%U
    logon drive = P:
    logon path = \\%L\Profiles\%U

    #### Debugging/Accounting ####

    # This tells Samba to use a separate log file for each machine
    # that connects
    log file = /var/log/samba/log.%m
    log level = 3

    # Put a capping on the size of the log files (in Kb).
    max log size = 5000

    # If you want Samba to only log through syslog then set the following
    # parameter to 'yes'.
    ; syslog only = no

    # We want Samba to log a minimum amount of information to syslog. Everything
    # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
    # through syslog you should set the following parameter to something higher.
    syslog = 0

    # Do something sensible when Samba crashes: mail the admin a backtrace
    panic action = /usr/share/samba/panic-action %d

    security = user
    encrypt passwords = true
    passdb backend = tdbsam ldapsam_compat:ldap://localhost
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    domain master = auto

    [homes]
    comment = Home Directories
    browseable = no
    writable = yes
    create mask = 0700
    directory mask = 0700
    root preexec = mkdir /home/%u; chown %u /home/%u; chmod 700 /home/%u;

    [netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    guest ok = yes
    writable = no
    share modes = no

    [print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no

    [Profiles]
    path = /users/profiles
    nt acl support = yes
    # profile acls = Yes
    browsable = no
    writable = yes
    directory mask = 700
    create mask = 700
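
One way to check the mismatch described in the post above, as an added example (not part of the original message and not Samba code): it parses the level-2 smbd log records quoted in the post and reports accounts the passdb backend loaded that the net rpc user listing did not return. The function and constant names are assumptions made for illustration; the sample input is copied from the post.

```python
import re

# Samba debug record: "[date time, level] source.c:function(line)", then the
# message on the same or the next line. A missing leading "[" is tolerated.
HEADER = re.compile(r"\[?\d{4}/\d\d/\d\d \d\d:\d\d:\d\d,\s*\d+\]\s*\S+?:(?P<func>\w+)\(\d+\)\s*")

def parse_records(log_text):
    """Split smbd log text into (function, message) records."""
    heads = list(HEADER.finditer(log_text))
    records = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(log_text)
        records.append((m.group("func"), " ".join(log_text[m.end():end].split())))
    return records

def passdb_view(log_text):
    """Return (count announced by ldapsam_setsampwent, users init_sam_from_ldap loaded)."""
    announced, users = None, []
    for func, msg in parse_records(log_text):
        if func == "ldapsam_setsampwent":
            m = re.search(r"(\d+) entries in the base", msg)
            announced = int(m.group(1)) if m else announced
        elif func == "init_sam_from_ldap":
            m = re.search(r"Entry found for user: (\S+)", msg)
            if m:
                users.append(m.group(1))
    return announced, users

def missing_from_enumeration(log_text, listing):
    """Accounts the backend loaded that the `net rpc user` listing lacks."""
    listed = {line.strip() for line in listing.splitlines() if line.strip()}
    return sorted(u for u in passdb_view(log_text)[1] if u not in listed)

# Sample input copied from the post (log records and command output).
SAMPLE_LOG = """\
[2003/10/09 18:00:52, 2] passdb/pdb_ldap.c:ldapsam_setsampwent(948)
  ldapsam_setsampwent: 3 entries in the base!
[2003/10/09 18:00:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(460)
  init_sam_from_ldap: Entry found for user: toto
[2003/10/09 18:00:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(460)
  init_sam_from_ldap: Entry found for user: zzAdmin
[2003/10/09 18:00:52, 2] passdb/pdb_ldap.c:init_sam_from_ldap(460)
  init_sam_from_ldap: Entry found for user: fchevalier
"""
SAMPLE_LISTING = "Password:\ntoto3\ntoto4\nroot\ntoto5\n"

if __name__ == "__main__":
    print(passdb_view(SAMPLE_LOG), missing_from_enumeration(SAMPLE_LOG, SAMPLE_LISTING))
```

An empty result means every account the backend loaded also appears in the listing.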
Andrew Bartlett
2003-Oct-10 09:36 UTC
[Samba] ldapsam_compat & net rpc user issue (maybe BUG?)
Skipped content of type multipart/mixed
Hi,

I have every Samba server set to security = domain for single password dbase management.

So for example, I have a Samba file server;

    \\stuff\people

And the same Samba file server but its virtual server;

    \\arc3\jobs

When users try to access \\arc3\jobs, they are asked for a password and never allowed access until I copy over smbpasswd from the Samba PDC to it. security = domain works for the non-virtual Samba server but not the virtual Samba server.

Can someone help?

Bri-