On Mon, 30 Mar 2009, John Drescher wrote:
> Is that destructive to an existing setup? I have been using samba and openldap for around 5 years.
Looks that way. I've also been using Samba + LDAP for about 5 years, and have 8000 users and 1000 machine accounts I'd kinda like to keep around.

It also assumes that your Samba box is your OpenLDAP box. I have two of the former and four of the latter, none of which share hardware. Not that that would matter for me anyway, since that script assumes you use OpenLDAP, and I use Fedora DS.

These are just the problems I found in about a 60-second perusal of the script. In other words, it looks fine if you're trying to get your shiny new Samba + LDAP setup working on your home server, but it's not exactly what I'd call enterprise quality software.

That said, I figured out the problem -- kind of: nscd. As far as I can tell, what happens is:

1. In the process of creating a trust account, Samba checks to see if the account already exists. nscd caches a negative answer.
2. The account is created.
3. Samba again checks for the account, but gets nscd's cached negative reply.

Not using nscd isn't really a good option for us. I tried reducing the nscd negative TTL so it was below the -t (wait) argument to smbldap-useradd, but that didn't appear to work.

My other option is to wrap smbldap-useradd in a script that invalidates the entire nscd cache, but that's also not a very good option, since it torches the entire cache, not just the entry that needs to be invalidated. Admittedly, we don't add machine accounts that often, but it's not really my favorite solution.

I'm sure other people must be running Samba + nscd. What other solutions are there to this problem?

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
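The wrapper approach described in the message above, as an added example that is not part of the original post: it runs smbldap-useradd, flushes nscd's whole passwd table with `nscd -i passwd`, then confirms the new account resolves through NSS. The overridable tool variables, the retry count, and the `add-machine-flush` name and path are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post.
# Tool names are overridable so the logic can be exercised without
# LDAP or nscd (these variables are an assumption of this example).
USERADD=${USERADD:-smbldap-useradd}
NSCD=${NSCD:-nscd}
GETENT=${GETENT:-getent}
TRIES=${TRIES:-5}

# add_machine NAME
# Returns 0 when the account was created and is visible through NSS,
# 1 if creation failed, 2 if the cache flush failed,
# 3 if the account never became visible.
add_machine() {
    name=$1
    # -w creates a workstation (machine trust) account.
    "$USERADD" -w "$name" || return 1
    # Drop the whole passwd table, including the negative entry that
    # was cached when the account was first looked up.
    "$NSCD" -i passwd || return 2
    n=0
    while [ "$n" -lt "$TRIES" ]; do
        "$GETENT" passwd "$name" >/dev/null 2>&1 && return 0
        n=$((n + 1))
        [ "$n" -lt "$TRIES" ] && sleep 1
    done
    return 3
}

# Runs only when installed under the hypothetical name add-machine-flush,
# e.g. in smb.conf:
#   add machine script = /usr/local/sbin/add-machine-flush %u
if [ "${0##*/}" = "add-machine-flush" ]; then
    add_machine "$1"
fi
```

The flush covers every cached passwd entry, which is the cost the message points out; the distinct exit codes let the caller tell a failed create from a stale lookup.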