Strange problem with samba and nss_ldap

Andrew Bartlett abartlet at
Wed Dec 5 13:16:01 GMT 2001

Andreas Moroder wrote:
> Hello,
> we are using samba on Suse Linux togheter with pam_ldap and nss_ldap.
> Whe a user logs in to the samba server we get the follwing error messae
> smbd: nss_ldap: could not search LDAP server - Bad search fi
> lter
> We change the sources of ldap_nns.c to show us what filter is wrong.
> Now we get
> Dec  5 13:01:12 mir smbd: nss_ldap: AM could not search LDAP server - (&(objectc
> lass=posixAccount)(uid=ADOM\ALI)) base:dc=sb-brixen,dc=it
> This was a login from smbclient on the same machine where samba runs.
> The question is why samba does add the domain to the uid ?
> ADOM is the domain and ALI is the user.
> The login works well and the users can work, but our log/messages gets full of
> this warnings.
> Is there a reason for this behaviour ?

Samba will attmept to lookup domain\username before just username to
work with winbind and some other 'domain member' configurations.

nss_ldap should be escaping the filter correctly, but as a quick
workarond just change the 'winbind seperator' in smb.conf to somthing
less problomatic.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list