Bug 3813 - User and Server Manager Broken
Summary: User and Server Manager Broken
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.0.22
Hardware: x86 Linux
: P2 normal
Target Milestone: 3.0.23
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2006-05-30 08:34 UTC by Mark Johnson
Modified: 2006-06-08 07:12 UTC (History)
1 user (show)

See Also:

Ethereal capture of user manager events. (550.41 KB, application/octet-stream)
2006-05-30 08:35 UTC, Mark Johnson
no flags Details
Samba log level 10 of user manager events. (72.19 KB, application/octet-stream)
2006-05-30 08:41 UTC, Mark Johnson
no flags Details
Concurrent ethereal capture (12.81 KB, application/x-gzip)
2006-06-01 08:27 UTC, Mark Johnson
no flags Details
Concurrent Samba log level 10 (72.07 KB, application/x-gzip)
2006-06-01 08:28 UTC, Mark Johnson
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Johnson 2006-05-30 08:34:13 UTC
After upgrading from 3.0.6 to 3.0.22, Windows user and server manager no longer function.  Upon executing, a messagebox pops up stating "The stub received bad data".  My current setup uses LDAP as the backend.
Comment 1 Mark Johnson 2006-05-30 08:35:55 UTC
Created attachment 1921 [details]
Ethereal capture of user manager events.
Comment 2 Mark Johnson 2006-05-30 08:41:40 UTC
Created attachment 1922 [details]
Samba log level 10 of user manager events.
Comment 3 Volker Lendecke 2006-05-31 08:23:52 UTC
Your log file and your ethereal trace don't seem to match. For example in Frame 217 of ethereal there is a SAMR querydisplayinformation call where the smb mid is 14272. In the logfile however I can not find smb_mid=14272. Are both really taken from the same sequence of events?

Comment 4 Mark Johnson 2006-05-31 08:56:56 UTC
They were not taken from the same sequence of events.  I did the ethereal capture first, and then the smb logs at a separate time.  I will rerun and capture both at the exact same time.

Comment 5 Mark Johnson 2006-06-01 08:27:39 UTC
Created attachment 1936 [details]
Concurrent ethereal capture

This ethereal capture was taken at the sames time as the srvfarm1.log level 10.
Comment 6 Mark Johnson 2006-06-01 08:28:39 UTC
Created attachment 1937 [details]
Concurrent Samba log level 10

Log level 10 taken at the same time as the usermanager.ethereal capture.
Comment 7 Volker Lendecke 2006-06-01 08:59:12 UTC
In line 30513 of you logfile you see we search for

ou=People,dc=astroshapes,dc=com,"dc=astroshapes, dc=com"], filter => [(&(uid=*)(objectclass=sambaSamAccount))]

and it seems your ldap server does not seem to return anything from that search. Do you have your users under ou=People,dc=astroshapes,dc=com? Can you try to 

ldapsearch -b ou=People,dc=astroshapes,dc=com -x '(&(uid=*)(objectclass=sambaSamAccount))' and make sure this returns your users?

Comment 8 Mark Johnson 2006-06-01 09:59:37 UTC
On the same server that is the Samba domain controller, I run:

]# ldapsearch -b ou=People,dc=astroshapes,dc=com -x '(&(uid=*)(objectclass=sambaSamAccount))'
version: 2

# filter: (&(uid=*)(objectclass=sambaSamAccount))
# requesting: ALL

<- SNIP ->

# search result
search: 2
result: 0 Success

# numResponses: 180
# numEntries: 179

It seems to return all of the users.  I also doesn't appear to give any errors, either.  Anything else I can try?
Comment 9 Volker Lendecke 2006-06-01 10:05:55 UTC
Can you attach a sniff of the traffic between your ldap server and your Samba server?


Comment 10 Mark Johnson 2006-06-01 11:04:30 UTC
I made a capture and the results showed what was wrong!  In my smb.conf file, I had:

ldap machine suffix = ou=Computers,dc=astroshapes,dc=com
ldap user suffix = ou=People,dc=astroshapes,dc=com
ldap suffix = dc=astroshapes,dc=com

This worked in older versions of samba.  Now, what was happening was it was appending the the "ldap suffix" to the "ldap user suffix" so the dn looked like:

dn: ou=People,dc=astroshapes,dc=com,dc=astroshapes,dc=com

Simply commenting out the ldap machine suffix and ldap user suffix makes all of the problems go away!

Thanks for the help!

Comment 11 Gerald (Jerry) Carter (dead mail address) 2006-06-08 07:12:29 UTC