I'm using samba-3.0.23d-19 on openSUSE 10.2 with an LDAP PDC arrangement I'm trying to sort out some problems with adding a trust relationship. Specifically, smbpasswd is failing when I try to create/modify the domain account. Further investigation shows that it is also failing to modify workstation accounts. However it is able to modify user accounts fine. The big difference here seems to be the ordering: Here is the debug level 4 output for trying to modify machine "PC-1": [ root# ] smbpasswd -D4 -m PC-1 smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LABS))] smbldap_open_connection: connection opened ldap_connect_system: succesful connection to the LDAP server The LDAP server is succesfully connected init_sam_from_ldap: Entry found for user: pc-1$ init_group_from_ldap: Entry found for group: 515 ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-284210356-3264030311-3336521042-515] count=0 init_group_from_ldap: Entry found for group: 515 ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-284210356-3264030311-3336521042-515] count=0 init_group_from_ldap: Entry found for group: 515 store_gid_sid_cache: gid 515 in cache -> S-1-5-21-284210356-3264030311-3336521042-515 Failed to set password for user PC-1$. Failed to modify password entry for user PC-1$ Here is the output for modifying user account "jbleau": [ root# ] smbpasswd -D4 jbleau smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LABS))] smbldap_open_connection: connection opened ldap_connect_system: succesful connection to the LDAP server The LDAP server is succesfully connected New SMB password: Retype new SMB password: init_sam_from_ldap: Entry found for user: jbleau init_group_from_ldap: Entry found for group: 513 ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-284210356-3264030311-3336521042-513] count=0 init_group_from_ldap: Entry found for group: 513 ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-284210356-3264030311-3336521042-513] count=0 init_group_from_ldap: Entry found for group: 513 store_gid_sid_cache: gid 513 in cache -> S-1-5-21-284210356-3264030311-3336521042-513 ldapsam_update_sam_account: user jbleau to be modified has dn: uid=jbleau,ou=Users,dc=labs,dc=ntrg,dc=com init_ldap_from_sam: Setting entry for user: jbleau ldapsam_modify_entry: LDAP Password changed for user jbleau ldapsam_update_sam_account: successfully modified uid = jbleau in the LDAP database Note that smbpasswd prompted for the user password before trying to search (perhaps this is bind-related). Also note that neither the workstation or user modification routines claimed to be able to locate the associated SID (judging from LDAP traces, the search appears to be malformed), but that did not have any effect on the outcome of the user operation. Anybody know what's up? -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/