I finally ran across the following post:
http://lists.samba.org/archive/samba/2006-May/120798.html
Turns out my earlier post to this list for help stems from the NSCD problem
like this person had.
I changed the negative TTLs in nscd.conf to 3s and changed the -t argument
to 15 in my add machine script.
This solved my join domain problem.
Before all this, NSCD was not running. When NSCD is not running I have the
following situation:
1. getent passwd always works, I get /etc/passwd and LDAP entries
2. id everyone always worked, it's only in LDAP.
3. Samba almost always failed to join the domain. Occasionally it would
work.
With NSCD now running with default TTLs for negative cache of 20s and
Add machine script -t 0, I had this scenario:
1. getent passwd always works, I get /etc/passwd and LDAP entries
2. id everyone mostly worked, but as soon as I join a couple machines to
the domain it would start failing.
3. Samba almost always failed to join the domain on the first go, second
try usually succeeded.
With NSCD now running with default TTLs for negative cache of 3s and
Add machine script -t 15, I have this scenario:
1. getent passwd always works, I get /etc/passwd and LDAP entries
2. id everyone mostly worked, but as soon as I join a two or more machines
to the domain it would start failing.
3. Samba joins the domain on the first go every time now.
NSCD version 2.5
OpenSLP 1.2.1
OpenLDAP 2.4.7
Samba 3.0.28
nss_ldap
CUPS 1.3.5
Linux distributions tested Pozix Linux and Slackware v.12.0.0
I hope this helps someone. I spent 2 weeks on this issue. It's poorly
documented. I found, in my travels, a post where someone from the Samba
team thinks it may be a good idea to invalidate the NSCD cache through NSCD
libs....
I'm still looking for a solution to use case item #2 in each of my scenarios
above besides having to power-cycle NSCD...
~Eric Mayo
Pozicom Technologies, Inc.
