I have a Samba3 PDC/LDAP/PAM/NSS running in a lab. Everything works
great. I am using the smbldap scripts for in smb.conf so i can use
usrmgr.exe. Last night I was testing to make sure it was all working
ok. I added about 6 accounts throught usrmgr.exe with no problem.
The smbldap scripts added the user to LDAP, and then samba 'extended'
them to samba accounts. Then I tried to add an account for myself
using my usual username. It failed. I tried again, it failed. I was
given an error of "Access Denied" My troubleshooting went as follows:
-run the smbldap script on the local machine. LDAP posix account added OK.
-run smbpasswd -a username. Account 'extended to samba account OK.
-Deleted the account
-run smbpasswd -a username. Failed "Cannot create user", but a user
account appeared in ldap. It only had sambaaccount objecttype. No
posixaccount, no shadowaccount, no inetorgperson. Hmmm, strange.
After about an hour of scrambling, I figured out what was happening.
My 'usual' useraccount was already in the local machines /etc/passwd.
After removing it from /etc/passwd all attempts to add the account
were successful. So my question is . . .
Does samba do some check on /etc/passwd, before adding an account,
even if ldap is used as the backend passdb?
Thanks,
cooper
