Bug 584 - domain join - sambaSamAccount missing to machine account
domain join - sambaSamAccount missing to machine account
Status: RESOLVED INVALID
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
3.0.0
All Linux
: P3 major
: none
Assigned To: Samba Bugzilla Account
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2003-10-08 02:56 UTC by Ulf Dettmer
Modified: 2005-11-14 09:24 UTC (History)
0 users

See Also:


Attachments
lvl. 10 client log / LDAP log / smb.conf (26.05 KB, application/x-gzip-compressed)
2003-10-08 02:57 UTC, Ulf Dettmer
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Ulf Dettmer 2003-10-08 02:56:05 UTC
Note: I'Ve already posted this to Bug #438, but I came to believe my problem 
ist not connected to that other Bug after I mailed with it's author.

Environment:
- SuSE 8.2 
- Samba 3.0 Release, enhanced with patches from Bugs #328 and #330
- NDS / eDirectory 8.71 on another machine
- Windows 2000 / XP clients

When I try to add a client which has machine account before to my Samba domain 
with the "Network ID" wizard, the operation fails and Windows reports a "Bad 
Username" error. Anyway, Samba seems to execute the "add machine script" and 
thus a perfectly valid posixAccount user is being created. I can even do 
a "smbpasswd -amn [machinename]" on that user object to make it become a 
machine account. After that, the "Network ID" wizard finishes without a glitch.
I've tried to add the smbpasswd command to the "add machine script", but that 
doesn't seem to work.
These lines from the client log seem to be especially interesting in this 
matter:

[2003/10/08 10:17:52, 10] rpc_server/srv_samr_nt.c:_samr_create_user(2266)
  checking account deepblue$ at pos 8 for $ termination
[2003/10/08 10:17:52, 5] lib/username.c:Get_Pwnam(288)
  Finding user deepblue$
[2003/10/08 10:17:52, 5] lib/username.c:Get_Pwnam_internals(223)
  Trying _Get_Pwnam(), username as lowercase is deepblue$
[2003/10/08 10:17:52, 5] lib/username.c:Get_Pwnam_internals(239)
  Trying _Get_Pwnam(), username as uppercase is DEEPBLUE$
[2003/10/08 10:17:52, 5] lib/username.c:Get_Pwnam_internals(247)
  Checking combinations of 0 uppercase letters in deepblue$
[2003/10/08 10:17:52, 5] lib/username.c:Get_Pwnam_internals(251)
  Get_Pwnam_internals didn't find user [deepblue$]!
[2003/10/08 10:17:52, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2308)
  _samr_create_user: Running the command `/usr/bin/cpu useradd deepblue$ -
d /dev/null -f 

/etc/samba/scripts/machadd.cfg -F deepblue$ -L deepblue$ -g 511 -p \n' gave 0
[2003/10/08 10:17:52, 5] lib/username.c:Get_Pwnam(288)
  Finding user deepblue$
[2003/10/08 10:17:52, 5] lib/username.c:Get_Pwnam_internals(223)
  Trying _Get_Pwnam(), username as lowercase is deepblue$
[2003/10/08 10:17:52, 5] lib/username.c:Get_Pwnam_internals(239)
  Trying _Get_Pwnam(), username as uppercase is DEEPBLUE$
[2003/10/08 10:17:52, 5] lib/username.c:Get_Pwnam_internals(247)
  Checking combinations of 0 uppercase letters in deepblue$
[2003/10/08 10:17:52, 5] lib/username.c:Get_Pwnam_internals(251)
  Get_Pwnam_internals didn't find user [deepblue$]!

Again, the "add machine script" does create a user/posixAccount object 
deepblue$ at the correct position in the directory ( as in "ldap machine 
suffix" ).
There are LDAP and client logs attached to this report, together with a copy of 
my smb.conf
Comment 1 Ulf Dettmer 2003-10-08 02:57:42 UTC
Created attachment 189 [details]
lvl. 10 client log / LDAP log / smb.conf
Comment 2 Ulf Dettmer 2003-10-08 07:18:12 UTC
Update: 
After lots of testing I have found the troublemaker: It's the good old NSCD. 
Deactivating it (temporarily) solves the problem.
Is there any better solution then to complete stop that daemon ? OK, this is 
rather a question for the mailing list ...
Comment 3 Buchan Milne 2003-10-13 15:04:44 UTC
AFAIK smbldap-tools (as distributed in the samba-3.0.0 source) either HUP's or
restarts nscd to avoid this problem ...
Comment 4 Gerald (Jerry) Carter 2003-10-20 07:42:59 UTC
nscd caching issue.
Comment 5 Gerald (Jerry) Carter 2005-11-14 09:24:30 UTC
database cleanup