[Samba] Unable to add machine accounts
LiPi -
lipixx at gmail.com
Mon Mar 30 20:23:29 GMT 2009
I wasn't using nscd and I got the same error.
Don't know if it's destructive; first do it on a testing machine.
2009/3/30 Chris St. Pierre <stpierre at nebrwesleyan.edu>
> On Mon, 30 Mar 2009, John Drescher wrote:
>
>> Is that destructive to an existing setup? I have been using samba and
>> openldap for around 5 years.
>>
>
> Looks that way. I've also been using Samba + LDAP for about 5 years,
> and have 8000 users and 1000 machine accounts I'd kinda like to keep
> around.
>
> It also assumes that your Samba box is your OpenLDAP box. I have two
> of the former and four of the latter, none of which share hardware.
> Not that that would matter for me anyway, since that script assumes
> you use OpenLDAP, and I use Fedora DS. These are just the problems I
> found in about a 60-second perusal of the script.
>
> In other words, it looks fine if you're trying to get your shiny new
> Samba + LDAP setup working on your home server, but it's not exactly
> what I'd call enterprise quality software.
>
> That said, I figured out the problem -- kind of: nscd. As far as I
> can tell, what happens is:
>
> 1. In the process of creating a trust account, Samba checks to see if
> the account already exists. nscd caches a negative answer.
>
> 2. The account is created.
>
> 3. Samba again checks for the account, but gets nscd's cached
> negative reply.
>
> Not using nscd isn't really a good option for us.
>
> I tried reducing the nscd negative TTL so it was below the -t (wait)
> argument to smbldap-useradd, but that didn't appear to work.
>
> My other option is to wrap smbldap-useradd in a script that
> invalidates the entire nscd cache, but that's also not a very good
> option, since it torches the entire cache, not just the entry that
> needs to be invalidated. Admittedly, we don't add machine accounts
> that often, but it's not really my favorite solution.
>
> I'm sure other people must be running Samba + nscd. What other
> solutions are there to this problem?
>
> Chris St. Pierre
> Unix Systems Administrator
> Nebraska Wesleyan University
>
>
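
The wrapper idea from the quoted message, sketched as an added example that is not part of the original thread: it creates the account, flushes only nscd's `passwd` table (where the cached negative answer lives) instead of every table, then confirms the account resolves through NSS. Assumptions: `smbldap-useradd -w`, `nscd -i passwd` and `getent` are available; the script path in the final comment and the `USERADD`/`NSCD`/`GETENT`/`TRIES`/`DELAY` variables are hypothetical.

```shell
#!/bin/sh
# Added example: candidate "add machine script" wrapper for smb.conf.
# Assumed tools: smbldap-useradd (-w = workstation account), nscd (-i TABLE), getent.
# The variables below exist so the commands can be swapped out for testing.
USERADD="${USERADD:-smbldap-useradd}"
NSCD="${NSCD:-nscd}"
GETENT="${GETENT:-getent}"
TRIES="${TRIES:-5}"      # lookups attempted after the flush
DELAY="${DELAY:-1}"      # seconds between lookups

# Accept only a plain machine account name with an optional trailing "$".
# A leading "-" is refused so the name cannot be read as an option.
valid_machine_name() {
    base="${1%\$}"
    case "$base" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

add_machine() {
    name="$1"
    valid_machine_name "$name" || { echo "rejected name: $name" >&2; return 2; }

    # Step 2 of the sequence in the thread: create the account in LDAP.
    "$USERADD" -w "$name" || return 1

    # Drop only the passwd table, which holds the cached negative answer;
    # the group and hosts caches are left alone.
    "$NSCD" -i passwd || echo "warning: nscd flush failed" >&2

    # Step 3: confirm the account now resolves through NSS before returning.
    i=0
    while [ "$i" -lt "$TRIES" ]; do
        "$GETENT" passwd "$name" >/dev/null 2>&1 && return 0
        i=$((i + 1))
        sleep "$DELAY"
    done
    echo "account $name created but not visible via NSS" >&2
    return 1
}

# Run only when called with an argument, e.g. from smb.conf:
#   add machine script = /usr/local/sbin/add-machine.sh "%u"
if [ "$#" -gt 0 ]; then
    add_machine "$1"
fi
```
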