samba - Sep 2009 - Problems with Samba 3.4 under Opensolaris snv_111b

Hi List,

I compiled Samba 3.4 for Opensolaris because the samba SUNWsmba  
shipped my SFW did not work properly.

Now I had to realize, that the Problems are still there so I beleve  
that it is a common Problem with Solaris (?)

I have samba running as PDC with a Sun Directory Server as backend.  
All Authentication to Unix Clients work well with DSEE but Samba seems  
so have some trouble:

First, Password modify extended operation does not work so no  
smbpasswd <username> is possible when "ldap passwd sync" is set
to
yes. But exop basically works when I change the password using  
ldappasswd as user Manager.

The corresponding Error from smbpasswd is:

"ldapsam_modify_entry: LDAP Password could not be changed for user  
admin: Invalid syntax"
"Encountered an unexpected requestValue sequence element tag."

The workaround is to set the passwd and smbpasswd in one skript. But  
that is not a good idea, since users have to change their passwords  
for unix and windows seperately.

Second, joining a Windows XP host to the domein is sometimes possible,  
sometimes not. When I add a machine account using "smbpasswd -a -m  
host$" sometimes it fails with:

"pdb_default_create_user: failed to create a new user structure:  
NT_STATUS_NO_SUCH_USER"

The user exists then as created by the corresponding ldapadd script,  
but the samba related attributes are missing. I use the ldapscripts  
from sf.net. My ldap stuff in smb.conf is shown below.

Has anybody some expierience how to make samba/ldap/M$ ready for production?
Any hints would be greatly appreciated

Best regards

Ralf

   ########
   # LDAP #
   ########
   passdb backend = ldapsam:ldap://127.0.0.1/
   ldap ssl = Off
   invalid users = root
   ldap admin dn = cn=Directory Manager
   ldap suffix = dc=daheim,dc=int
   ldap group suffix = ou=group
   ldap user suffix = ou=people
   ldap machine suffix = ou=machines
   ldap passwd sync = no

   # scripts ldap
   # by default we add users to group
   add machine script = /usr/local/sbin/ldapaddmachine '%u' 1003
   add user script = /usr/local/sbin/ldapadduser '%u' 1001
   add group script = /usr/local/sbin/ldapaddgroup '%g'
   add user to group script = /usr/local/sbin/ldapaddusertogroup '%u'
'%g'
   delete user script = /usr/local/sbin/ldapdeleteuser '%u'
   delete group script = /usr/local/sbin/ldapdeletegroup '%g'
   delete user from group script =  
/usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
   set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u'
'%g'
###########################

On Mon, Sep 07, 2009 at 11:41:00PM +0200, Ralf Hornik Mailings
wrote:
> "ldapsam_modify_entry: LDAP Password could not be changed for user  
> admin: Invalid syntax"
> "Encountered an unexpected requestValue sequence element tag."
That one should be fixed in 3.4.1. See bug 5886.
>
> The workaround is to set the passwd and smbpasswd in one skript. But  
> that is not a good idea, since users have to change their passwords for 
> unix and windows seperately.
>
> Second, joining a Windows XP host to the domein is sometimes possible,  
> sometimes not. When I add a machine account using "smbpasswd -a -m  
> host$" sometimes it fails with:
>
> "pdb_default_create_user: failed to create a new user structure:  
> NT_STATUS_NO_SUCH_USER"
This can happen when you have nscd running. Try without
during those operations.

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20090908/a5dea7e7/attachment.pgp>

Volker Lendecke <Volker.Lendecke at SerNet.DE> schreibte:
>> "Encountered an unexpected requestValue sequence element
tag."
> That one should be fixed in 3.4.1. See bug 5886.
Patch applied - problem solved
>> "pdb_default_create_user: failed to create a new user structure:
>> NT_STATUS_NO_SUCH_USER"
> This can happen when you have nscd running. Try without
> during those operations.
Indeed, disabling nscd helps, but additionally I had to move my  
machine accounts under my user container.

Bug 3235 seems to describe this issue, but is not appliable to samba  
3.4. Is there any other known solution/patch?

Thank you very much for this quick help!

Ralf