[Samba] ADS Issues and possible bug in 3.0.20

Theodore Jencks tjencks at navis.com
Fri Sep 23 23:34:22 GMT 2005

Before I lay out the problems I am currently suffering from, let me
describe my environment:

Dell OptiPlex GX270, 2.6GHz, 512MB RAM, Red Hat Linux Fedora Core 3 with
all current updates.  Samba compile is version 3.0.20 stable.


uname -a: Linux theo.hq.navis.net 2.6.12-1.1378_FC3 #1 Wed Sep 14 04:24:31 EDT 2005 i686 i686 i386 GNU/Linux


Everything was running fine until my last YUM update, whereupon my
machine account via wbinfo -t failed to work.


While I am on the subject, this particular directive doesn't work:

ldap idmap suffix = dc=hq,dc=navis,dc=net

I find from my LDAP logs that something is adding an extra comma at the
end of the LDAP DN when doing a search.  I was able to resolve this
issue with the help of the:

ldap suffix

directive, which doesn't append the comma.


So, to get back on topic: everything about ADS was working fine for me.
I then ran a recent YUM update, which added a new kernel and some CUPS
libs, I believe, after which ADS is now broken.  There is nothing wrong
with my Kerberos settings, as I am granted a ticket when doing kinit.


Now when I try and do a:

net ads join -U tjencks "organizationalUnit"

I get the following:

[root@theo nsswitch]# net ads join -U tjencks "HQ Servers"
tjencks's password:
[2005/09/23 11:55:00, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: No such file or directory



I've checked the web for this and I'm not sure what the function
ads_connect is really missing.  Below is my smb.conf file followed by my
samba 3.0.20 compile options:


[root@theo source]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[software]"
Processing section "[printers]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Press enter to see a dump of your service definitions

[global]
        workgroup = HQ
        realm = HQ.NAVIS.NET
        server string = Theo's samba server
        security = ADS
        password server = hqdc01.hq.navis.net
        log file = /var/log/samba/smbd.log
        max log size = 4096
        name resolve order = wins lmhosts bcast
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = /etc/printcap
        dns proxy = No
        wins server =
        ldap admin dn = cn=Manager,dc=navis,dc=net
        ldap suffix = ou=idmap,dc=hq,dc=navis,dc=net
        idmap backend = ldap:ldap://localhost
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        template shell = /bin/bash
        winbind separator = +
        winbind cache time = 10
        winbind use default domain = Yes
        cups options = raw

[software]
        comment = Software for the Navis Information Technology
        path = /share/software
        valid users = tjencks
        admin users = tjencks
        create mask = 0765
        force create mode = 0640
        force directory mode = 0750

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

CFLAGS="-O2 -march=i686"; export CFLAGS

./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin \
    --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var \
    --infodir=/usr/share/info --mandir=/usr/share/man \
    --with-privatedir=/etc/samba --with-lockdir=/var/lock/samba \
    --with-piddir=/var/run/samba --with-swatdir=/inet/swat \
    --with-configdir=/etc/samba --with-logfilebase=/var/log/samba \
    --with-mandir=/usr/share/man --with-smbwrapper --with-dce-dfs \
    --with-ldap --with-ads --with-krb5=/usr --with-automount \
    --with-smbmount --with-pam --with-pam_smbpass --with-syslog \
    --with-quotas --with-libsmbclient --with-acl-support \
    --with-aio-support






Theodore A. Jencks
Network Systems Administrator
1000 Broadway, Suite 150
Oakland, CA 94607
Phone: (510) 267.5152
Fax:    (510) 267.5100
Email:  tjencks at navis.com
http://www.navis.com
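
Added example (not part of the original post and not Samba's own code): smb.conf(5) for Samba 3.0 documents "ldap idmap suffix" as a partial DN that is prepended to "ldap suffix", which is consistent with the trailing comma reported above when only the idmap suffix is set. The Python sketch below composes the idmap search base that way for constructed configs modelled on the post; the function names are hypothetical.

```python
import re

def parse_global(text):
    """Return the [global] parameters of an smb.conf-style text as a dict."""
    params, section = {}, "global"  # assumption: lines before any header are global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def effective_idmap_base(params):
    """Compose the idmap base as '<ldap idmap suffix>,<ldap suffix>'."""
    suffix = params.get("ldap suffix", "")
    idmap = params.get("ldap idmap suffix", "")
    return f"{idmap},{suffix}" if idmap else suffix

def check_idmap_base(params):
    """Return (base_dn, findings) for the composed idmap search base."""
    base, findings = effective_idmap_base(params), []
    suffix = params.get("ldap suffix", "")
    idmap = params.get("ldap idmap suffix", "")
    if base.endswith(","):
        findings.append("trailing comma: 'ldap idmap suffix' set, 'ldap suffix' empty")
    if idmap and suffix and idmap.lower().endswith(suffix.lower()):
        findings.append("'ldap idmap suffix' repeats 'ldap suffix'; use a partial DN")
    if not base:
        findings.append("no LDAP suffix configured")
    return base, findings

# Constructed samples based on the settings quoted in the post.
BROKEN = "[global]\n  ldap idmap suffix = dc=hq,dc=navis,dc=net\n"
WORKAROUND = "[global]\n  ldap suffix = ou=idmap,dc=hq,dc=navis,dc=net\n"
SPLIT = "[global]\n  ldap suffix = dc=hq,dc=navis,dc=net\n  ldap idmap suffix = ou=idmap\n"

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("workaround", WORKAROUND), ("split", SPLIT)):
        print(name, *check_idmap_base(parse_global(text)), sep=" | ")
```

The "split" sample shows the form the man page intends: the full base in "ldap suffix" and only the relative part in "ldap idmap suffix".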

