[Samba] Re: Joining Domain on Solaris, Get_Pwnam_internals didn't find user

Thomas Maschutznig tmaschutznig at new10.com
Thu May 11 11:00:06 GMT 2006


Well, I figured it out myself. The Samba configuration was basically ok, 
so was the config of the smbldap-tools and nsswitch.
The mistake was, that on Solaris 10 nscd is running by default and 
performing 5 seconds "negative" caching for group, passwd, hosts etc.:

   negative-time-to-live   passwd          5
   negative-time-to-live   group           5
   negative-time-to-live   hosts           5

Together with my smb.conf...
   add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 0 -w "%u"

...this produced the strange LDAP log without any SEARCH after ADD DN - 
as well as the error that samba couldn't find the user as samba's first 
search correctly returned "not found" and after ADD DN, the second "not 
found" came directly from nscd's cache.

Any combination of a "negative-time-to-live passwd" in nscd.conf with a 
greater-than-that "-t" parameter in smb.conf works fine for me. I have 
lowered the nscd TTL to 3s and -t is set to 8s; turning negative caching 
off will most likely have performance implications so I decided not to 
but YMMV.

Maybe this should be pointed out in the Samba HOWTO/examples and/or 
IDEALX installation guide as a hint for Solaris users as 5s in nscd and 
"-t 0" are the default settings.


More information about the samba mailing list