Dear all,

I have a problem with Samba 3 retrieving account information from
LDAP.

Samba 3.0
krb5-1.3.1
openldap-2.1.16
nss_ldap-202
pam_ldap-157
Red Hat 9

Before the Samba installation/configuration, the system was running
with nss_ldap and pam_ldap for local login, and it worked fine.

/etc/nsswitch.conf

passwd: files ldap
shadow: files ldap
group: files ldap


Then I installed and configured MIT Kerberos and Samba 3.
MIT Kerberos:

../configure
make
make install


/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = MYDOMAIN.COM
# default_tkt_enctypes = des-cbc-md5
# default_tgs_enctypes = des-cbc-md5
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
MYDOMAIN.COM = {
kdc = pdc1.mydomain.com:88
default_domain = mydomain.com
}

[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}




Samba 3:

../configure --prefix=/usr/local/samba --with-ads \
  --with-krb5=/usr/local --with-automount --with-smbmount --with-pam \
  --with-pam_smbpass --with-quotas --with-acl-support --with-winbind

make
make install


/usr/local/samba/lib/smb.conf
[global]
workgroup = MYDOMAIN.COM
netbios name = asdss1
server string = File Server
realm = MYDOMAIN.COM
security = ADS
encrypt passwords = Yes
password server = pdc1
log file = /var/log/samba/log.%m
max log size = 20
announce version = 4.0
dns proxy = No
hosts allow = 128.2. 10.2.
follow symlinks = yes
hide dot files = yes
preserve case = No
case sensitive = No
default case = Lower
deadtime = 240
keepalive = 3600
veto files = /.*/
#hide dot files = yes

[homes]
comment = Home Directories
read only = No
browseable = No

[share1]
path = /tmp


Computer account "asdss1" added to W2K AD
kinit to administrator@MYDOMAIN.COM is OK
net ads join -U administrator is OK


Then I switched to another user, "user1". This user already exists in AD and
LDAP,
and kinit for "user1" is OK.

The problem is:
/usr/local/samba/bin/smbclient //asdss1/share1 -k -d 10

I got a "Call returned zero bytes (EOF)" error.

Here is the debug log:

[2003/11/03 16:46:21, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(493)
Doing kerberos session setup
[2003/11/03 16:46:21, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(385)
Got KRB5 session key of length 16
[2003/11/03 16:46:21, 6] lib/util_sock.c:write_socket(407)
write_socket(3,1506)
[2003/11/03 16:46:21, 6] lib/util_sock.c:write_socket(410)
write_socket(3,1506) wrote 1506
[2003/11/03 16:46:21, 5] lib/util_sock.c:read_socket_with_timeout(272)
read_socket_with_timeout: timeout read. EOF from client.
[2003/11/03 16:46:21, 10] lib/util_sock.c:receive_smb(512)
receive_smb: length < 0!
[2003/11/03 16:46:21, 10] libsmb/clientgen.c:client_receive_smb(65)
client_receive_smb failed
[2003/11/03 16:46:21, 5] lib/util.c:show_msg(456)
[2003/11/03 16:46:21, 5] lib/util.c:show_msg(466)
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
[2003/11/03 16:46:21, 10] intl/lang_tdb.c:lang_tdb_init(135)
session setup failed: Call returned zero bytes (EOF)


Then I disabled nss_ldap by editing /etc/nsswitch.conf to:

passwd: files
shadow: files
group: files


and switched to another user, "user2". This user already exists in AD, but
not in LDAP (it is a local account).

kinit with "user2" is OK

Then:
/usr/local/samba/bin/smbclient //asdss1/share1 -k -d 10

Everything is fine.


What am I missing, or what is wrong with my configuration?

Please advise.
Thanks


Cyrus Tam