[Samba] Re: Joining Domain on Solaris,
Get_Pwnam_internals didn't find user
tmaschutznig at new10.com
Thu May 11 11:00:06 GMT 2006
Well, I figured it out myself. The Samba configuration was basically ok,
so was the config of the smbldap-tools and nsswitch.
The mistake was, that on Solaris 10 nscd is running by default and
performing 5 seconds "negative" caching for group, passwd, hosts etc.:
negative-time-to-live passwd 5
negative-time-to-live group 5
negative-time-to-live hosts 5
Together with my smb.conf...
add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 0 -w "%u"
...this produced the strange LDAP log without any SEARCH after ADD DN -
as well as the error that samba couldn't find the user as samba's first
search correctly returned "not found" and after ADD DN, the second "not
found" came directly from nscd's cache.
Any combination of a "negative-time-to-live passwd" in nscd.conf with a
greater-than-that "-t" parameter in smb.conf works fine for me. I have
lowered the nscd TTL to 3s and -t is set to 8s; turning negative caching
off will most likely have performance implications so I decided not to
Maybe this should be pointed out in the Samba HOWTO/examples and/or
IDEALX installation guide as a hint for Solaris users as 5s in nscd and
"-t 0" are the default settings.
More information about the samba