Bug 3813 - User and Server Manager Broken
Summary: User and Server Manager Broken
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.0.22
Hardware: x86 Linux
: P2 normal
Target Milestone: 3.0.23
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2006-05-30 08:34 UTC by Mark Johnson
Modified: 2006-06-08 07:12 UTC (History)
1 user (show)

See Also:

Ethereal capture of user manager events. (550.41 KB, application/octet-stream)
2006-05-30 08:35 UTC, Mark Johnson
no flags Details
Samba log level 10 of user manager events. (72.19 KB, application/octet-stream)
2006-05-30 08:41 UTC, Mark Johnson
no flags Details
Concurrent ethereal capture (12.81 KB, application/x-gzip)
2006-06-01 08:27 UTC, Mark Johnson
no flags Details
Concurrent Samba log level 10 (72.07 KB, application/x-gzip)
2006-06-01 08:28 UTC, Mark Johnson
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Johnson 2006-05-30 08:34:13 UTC
After upgrading from 3.0.6 to 3.0.22, Windows user and server manager no longer function.  Upon executing, a messagebox pops up stating "The stub received bad data".  My current setup uses LDAP as the backend.
Comment 1 Mark Johnson 2006-05-30 08:35:55 UTC
Created attachment 1921 [details]
Ethereal capture of user manager events.
Comment 2 Mark Johnson 2006-05-30 08:41:40 UTC
Created attachment 1922 [details]
Samba log level 10 of user manager events.
Comment 3 Volker Lendecke 2006-05-31 08:23:52 UTC
Your log file and your ethereal trace don't seem to match. For example in Frame 217 of ethereal there is a SAMR querydisplayinformation call where the smb mid is 14272. In the logfile however I can not find smb_mid=14272. Are both really taken from the same sequence of events?

Comment 4 Mark Johnson 2006-05-31 08:56:56 UTC
They were not taken from the same sequence of events.  I did the ethereal capture first, and then the smb logs at a separate time.  I will rerun and capture both at the exact same time.

Comment 5 Mark Johnson 2006-06-01 08:27:39 UTC
Created attachment 1936 [details]
Concurrent ethereal capture

This ethereal capture was taken at the sames time as the srvfarm1.log level 10.
Comment 6 Mark Johnson 2006-06-01 08:28:39 UTC
Created attachment 1937 [details]
Concurrent Samba log level 10

Log level 10 taken at the same time as the usermanager.ethereal capture.
Comment 7 Volker Lendecke 2006-06-01 08:59:12 UTC
In line 30513 of you logfile you see we search for

ou=People,dc=astroshapes,dc=com,"dc=astroshapes, dc=com"], filter => [(&(uid=*)(objectclass=sambaSamAccount))]

and it seems your ldap server does not seem to return anything from that search. Do you have your users under ou=People,dc=astroshapes,dc=com? Can you try to 

ldapsearch -b ou=People,dc=astroshapes,dc=com -x '(&(uid=*)(objectclass=sambaSamAccount))' and make sure this returns your users?

Comment 8 Mark Johnson 2006-06-01 09:59:37 UTC
On the same server that is the Samba domain controller, I run:

]# ldapsearch -b ou=People,dc=astroshapes,dc=com -x '(&(uid=*)(objectclass=sambaSamAccount))'
version: 2

# filter: (&(uid=*)(objectclass=sambaSamAccount))
# requesting: ALL

<- SNIP ->

# search result
search: 2
result: 0 Success

# numResponses: 180
# numEntries: 179

It seems to return all of the users.  I also doesn't appear to give any errors, either.  Anything else I can try?
Comment 9 Volker Lendecke 2006-06-01 10:05:55 UTC
Can you attach a sniff of the traffic between your ldap server and your Samba server?


Comment 10 Mark Johnson 2006-06-01 11:04:30 UTC
I made a capture and the results showed what was wrong!  In my smb.conf file, I had:

ldap machine suffix = ou=Computers,dc=astroshapes,dc=com
ldap user suffix = ou=People,dc=astroshapes,dc=com
ldap suffix = dc=astroshapes,dc=com

This worked in older versions of samba.  Now, what was happening was it was appending the the "ldap suffix" to the "ldap user suffix" so the dn looked like:

dn: ou=People,dc=astroshapes,dc=com,dc=astroshapes,dc=com

Simply commenting out the ldap machine suffix and ldap user suffix makes all of the problems go away!

Thanks for the help!

Comment 11 Gerald (Jerry) Carter 2006-06-08 07:12:29 UTC