LDAP machine lookup strangeness

Don Hayward don at mote.org
Tue Nov 26 21:46:01 GMT 2002

I don't know whether this is a samba problem, but that's my current
best guess.

I'm using Debian woody with the upgrades mentioned below. I got the
samba-2.2.7 source and did the build with debain/rules with the
addition of the ldapsam flag.  I've upgraded my ldap, nss, and pam,
etc. libraries to 'testing' to use the tls enabled libldap.  I'm using
gcc 3.0.4.

I'm setting up PDC service -- when I try to join a windows machine to
the domain, I get 'specified user does not exist' on the windows
system and the following lines appear in log.smbd:

[2002/11/25 10:55:50, 2, pid=19589] passdb/pdb_ldap.c:get_single_attribute(286)
  get_single_attribute: [rid] = [3357]

Here the rid of the machine account (3357) is retrieved from the ldap server.

Then below, there seems to be an attempt to verify or requery the
directory, but the rid used is exactly twice (left shifted?) the
original rid.  This query fails and the join fails.

[2002/11/25 10:55:52, 2, pid=19589] passdb/pdb_ldap.c:ldap_open_connection(123)
  StartTLS issued: using a TLS connection
[2002/11/25 10:55:52, 2, pid=19589] passdb/pdb_ldap.c:ldap_open_connection(142)
  ldap_open_connection: connection opened
[2002/11/25 10:55:52, 2, pid=19589] passdb/pdb_ldap.c:ldap_connect_system(176)
  ldap_connect_system: succesful connection to the LDAP server
[2002/11/25 10:55:52, 2, pid=19589] passdb/pdb_ldap.c:ldap_search_one_user(188)
  ldap_search_one_user: searching for:[rid=7714]
[2002/11/25 10:55:52, 0, pid=19589] passdb/pdb_ldap.c:pdb_getsampwrid(820)
  We don't find this rid [7714] count=0

The admin account was verified earlier, without problem.
Has this been seen? Any help to get around this appreciated.  Thanks.

Don Hayward			don at mote.org
Mote Marine Laboratory		Office: 941.388.4441  Cell: 941.302.4982
1600 Ken Thompson Parkway	Fax: 941.388.4312
Sarasota, FL 34236		See: http://www.mote.org
Independent, non-profit, marine and estuarine research and education facility.
For PGP public key do: http://www.mote.org/~don/donpgp.asc
use "DISCLAIMER"; # We run Debian Linux
Taxes feed the starving and clothe the naked.

More information about the samba-technical mailing list