This is some very odd behavior with Samba, I think we have a bug...
My set up is:
Samba is running as a PDC / Domain Logins.
OpenSLP 1.2.1
OpenLDAP 2.4.7
Samba 3.0.28
nss_ldap
CUPS 1.3.5
Using the smbldap-useradd scripts that come with Samba! I don't download
them from PADL.com
Not using PAM modules.
getent passwd & getent group work fine.
I can no longer join workstations (windows-xp pro with SP2) to the domain.
At one point, I was able to join workstations to the domain. Then
everything suddenly stopped working after I restarted SMBD and NMBD.
_samr_create_user: Running the command
'/usr/local/pozix/samba/bin/smbldap-useradd -w -d /dev/null -s /bin/false -g
515 "labpc1$"' gave 0
Finding user LABPC1$
Trying _Get_Pwnam(), username as lowercase is labpc1$
Trying _Get_Pwnam(), username as given is LABPC1$
Checking combinations of 0 uppercase letters in labpc1$
Get_Pwnam_internals didn't find user [LABPC1$]!
pdb_default_create_user: failed to create a new user structure:
NT_STATUS_NO_SUCH_USER
Now what is very interesting is the LDAP logs show the following queries:
Before the smbldap-useradd command is executed, I see LDAP queries for
labpc1$ which nentries=0 for each query.
Then I see this:
ADD dn="uid=labpc1$,ou=Computers,dc=mycompany,dc=corp"
RESULT tag=105 err=0 textUNBIND
Then, at same time stamp as the Get_Pwnam() calls, I see two LDAP queries
using * for the name.
SRCH base="ou=Computers,dc=mycompany,dc=corp" scope=1 deref=0
fo;ter="(objectClass=*)"
SEARCH RESULT tag=101 err=0 nentries=2 text=
SRCH base="ou=Computers,dc=mycompany,dc=corp" scope=1 deref=0
fo;ter="(objectClass=*)"
SEARCH RESULT tag=101 err=0 nentries=2 text=
The nentries=2 is because my Samba server account and the new LABPC1 account
yet Get_Pwnam() is failing.
This problem has been perplexing me for the last 2 weeks. Sometimes the
system starts working to where I can join workstations and then it stops.
At one point I commented out the line OS level =65 and I was able to join
workstations. But then as soon as I restarted the NMBD and SMBD processes,
things broke again.
The bmdldap-useradd call results in a new LDAP entry actually getting built
with only Posix account attributes. My understanding is that the samba
processes (SMBD) populates the entry with Samba attributes after calling the
add machine script and seeking on the CN of the LDAP entry for the %u
argument?
If the query is the contents of %u from the add machine script, then why do
the LDAP logs show objectClass=* ?
I think the call: status = samu_alloc_rid_unix( sam_pass, pwd); is not
working correctly.
I've not digged into the source code too much -- not at all familiar with
the samba source code but after two weeks of having this problem, I'm ready
to either learn the source or just install a Windows server!
Anyone care to lend a hand or shoot some things to try?
I'll spare the list of dumping my smb.conf file. Like I said, it works
sometimes and then quites working after restarting the samba deamons.
At one point I even rebuild Samba with a different LANG setting. CUPS must
have LANG=en_US.UTF-8 or else Samba can not read the /etc/printcap file. So
I fiddled around a bit with different combinations of the LANG setting to
see if this had any effect...
Thanks in advance for any help/advise.
~Eric
