[Samba] Samba with pdbsql (postgres) as backend - Machines can't join/login domain

Claudinei Matos claudineimatos at hospedevip.com.br
Thu Jun 14 23:24:57 GMT 2007


Hey guys,

I'm trying to set up centralized network authentication with postgresql
and I already have almost all of the services authenticating via postgresql.
Right now I'm trying to set up samba to also authenticate my users
against the postgres database. I can successfully authenticate a user on
a windows desktop to look up a share, for example, but I can't log in to
the domain or even join the domain.
So what I did was compile pdbsql 0.2 against samba 3.0.24 and set up my
smb.conf to use a passdb backend of type "pgsql". I also changed
"encrypt passwords" to "no" as it's necessary for this type of setup.
Additionally, I set up the samba pam configuration to use the system's base
setup, which uses pam_pgsql by the way.
Below are my configuration files:

/etc/pam.d/samba:
auth       include      system-auth
account    include      system-auth
session    include      system-auth
password   include      system-auth

/etc/pam.d/system-auth:
auth       required     pam_env.so
auth       sufficient   pam_pgsql.so
auth       sufficient   pam_unix.so likeauth nullok use_first_pass
auth       required     pam_deny.so
account    sufficient   pam_pgsql.so
account    sufficient   pam_unix.so
account    required     pam_deny.so
password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   sufficient   pam_pgsql.so use_first_pass
password   required     pam_deny.so
session    required     pam_limits.so
session    required     pam_unix.so

/etc/samba/smb.conf:
workgroup = test
netbios name = server
security = user
encrypt passwords = no
domain master = yes
preferred master = yes
domain logons = yes
passdb backend = pgsql:pgsql
pgsql:pgsql host = 127.0.0.1
pgsql:pgsql user = samba
pgsql:pgsql password = samba
pgsql:pgsql database = samba
pgsql:table = samba
pgsql:domain column = 'teste'

So as I said, I can use the login/password stored in postgres to access
a shared folder from a windows machine, so the problem is not about
crypted/encrypted passwords, but if I try to join the domain, even with
the machine account created, I can't do it. I also tried to first join
the domain using the normal samba configuration, added the machine
account manually to the database, restarted samba with the pdbsql
configuration, and tried to log in to the domain from the windows
workstation, but again I had no success.
With all the tests I did, I can only conclude that the problem is about
the machine account lookup on the sql backend. Looking at the pdbedit tool I
saw that my workstation account on pdb_pgsql was being returned as a
user account (account flags), so I fixed it by changing it to a workstation
account, putting the right value in the table (acct_ctrl field), but
again, the problem persists.
So as far as I can see, if I compare the pdbedit output when using pdb_pgsql
against the output when using the smbpasswd backend, they are almost the
same, except for some account age and login drive/path information.
I've played a lot with samba parameters, pam setup and the data in the
database but the problem is always the same, so I'm starting to think that I
will not be able to make my domain machines log in to my samba server
using account information stored in the postgres database.

Does anybody have any idea how to fix it? Is it really a limitation
of the pdbsql backend? Or am I going the wrong way?

Thanks for any help,

Claudinei Matos

