The Samba-Bugzilla – Bug 7272
fetch_account_info fails if addmachinescript also sets up SAMAccount
Last modified: 2010-03-21 16:27:24 UTC
I'm using a addmachinescript which adds a new user for a machine account in ldap (with the unix uid depending on the PC name). The addmachinescript also adds/sets the objectClass sambaSamAccount from a template.
Iirc since an update from 3.3 to 3.4 domain joins of a windows 7 clients fail the first time when a machine account isn't already in ldap (in the logs i see: passdb/pdb_ldap.c:2197(ldapsam_add_sam_account) ldapsam_add_sam_account: User 'PC229$' already in the base, with samba attributes).
I tried to track this issue down and I suppose the commit <http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=7a51d4e2c5097276f27b7c86f2d1d384a0dd545a> (the missing "/* try and find the possible unix account again */") is the reason for it.
If you are talking about failure to join a Samba-based DC, it is unlikely that the checkin you refer to is the reason. This code is only used during a vampire of an existing NT4 domain.
Is it possible that you are running nscd? If so, what happens if you kill it?
Yeah I'm running nscd, but this problem wasn't there before the update to samba 3.4.x.
Anyway I try to retest with nscd disabled in the next week.
It might be possible that your build did not properly detect libnscd.
I just rechecked: THe issue is still there with nscd disabled (and samba restarted afterwards).
Btw. I use nscd from glibc.