> I have worked on this for the about six months trying to figure out why a machine could not join the domain. The problem is solved, but without a solid resolution. I want to understand why my system is working all of the sudden.
The funny thing is that just today we've resolved similar problem and the source of the problem was nscd - this little caching deamon. It appears that this guy caches both positive and negative responses and if it previously found out that there's no 'machine$' user in LDAP it won't ask for it again.
The story goes like this: Samba looks for 'machine$' user and can not find it (nscd gets that cached). It asks "add machine script" (IDEALX script) to create the account. Then, Samba uses NSS call (like 'getent passwd machine$') to retrieve user's uid and sees that there's no such account (nscd remembers the result). For Samba it means only one thing - the script failed to create the account and it returns 'Access denied'. Restarting nscd helps to find user through NSS call and machine can normally join the domain. But, next time a new machine attempts to join the domain - you'll have the same problem.
So, my guess is - changing from "%u" to "%m" has nothing to do with your problem.
Igor
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
