Weird uids going through nsswitch

Andrew Bartlett abartlet at
Wed Mar 27 01:35:06 GMT 2002

Wade Turland wrote:
> Hi all
> Our samba server is going belly-up several times a day in peak times and I
> think this is related. Load averages skyrocket to 200.00 or more and we get
> thousands of stray processes. The only solution I've found is to kill all
> smbd processes and restart samba, which will allow the workstations to
> reconnect.
> We are seeing strange userid lookups going through the name service switch
> to the ldap server. Note, this is not samba with ldap, only's
> nss_ldap-87 which has run reliably for 2 years or more.
> Recently we upgraded about 1000 lab machines to Win2k running Novell
> clients. Students' login scripts do a
> to mount the samba home drive.
> When we look at the eDirectory ldap server, we see weird requests coming
> through. Eg.
> filter= (&(objectclass=posixAccount)(uid=LABS-75-194'0012345678))
> where LABS-75-194   is the workstation name
> and   12345678      is the student's userid
> Can anyone suggest why this is happening and how to stop it? Is it a normal
> and legal protocol activity? I've tried tcpdump and setting samba's debug
> level to 9, but neither seems to show anything related except some logs
> have copious amounts of:
> [2002/03/26 15:45:42, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(437)
>   getsmbfilepwent: returning passwd entry for user 13017620, uid 13017620
> for all different user names. Is it searching for every user for some
> reason?
> And why is it putting the '00 in front of the userid?

I suspect this is a combination of Get_Pwnam() and the domain\username
lookups samba does in an attempt to use a trusted domain account (via
winbind).  The '00 might be LDAP's way of represending a null (or
similar weird char) - which for some odd reason might be your winbind

Samba will try various combinations of this, up to the username level. 
If all your usernames are lowercase, set 'username level = 0' in your
smb.conf.  Also try setting a winbind seperator (dispite the fact you
don't use winbind) and see if it changes the lookups.

Also, ensure your ldap server is correctly indexed.  As these stray
lookups should fail quickly and let smbd go on its way.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list