samba 3.0.x to Samba-3.2.x PDC/LDAP migration problem

Ignacio Coupeau icoupeau at
Wed Sep 24 10:38:37 GMT 2008

I'm have been a year out of the samba arena, so I apologize if the 
question is too trivial.

We are testing the migration of our domain PDC, BDCs, ldap, etc, with 
several thousand WS, from samba-3.0.2x to samba-3.2.3. (as matter of 
fact I use samba+LDAP from the samba-1.8pre days: thanks TEAM).

The official documentation about this upgrade is empty:
35.1.1 Upgrading from Samba-3.0.x to Samba-3.2.0, also in the web.

After some reading, I changed the samba.schema, added some index for the 
new attrs, etc.  The smb started well, and somethings as
	smbpasswd -a <user>
goes well. The dn used in the ldap connections are the usual:


But the (very big) problem is that any "domain" operation: add WS, join, 
etc., uses a dn as base like this:
and filter

1. The dn shows an additional "sambaDomainName=UNAV-PDC-01" in 
uppercase, added by samba;

2. As we don't have any trusted relation at this moment, the LDAP don't 
have any objectClass=sambaTrustedDomainPassword. I tried
"allow trusted domains = No", but the dn remains incorrect.

I follow every link I found, but nothing.

In the code, the function that appends the "extra" domain is
filter = talloc_asprintf(talloc_tos(),

but as I don't have any trust relationship, this call should be skipped 
or the result ignored, right?

I tested some shortcuts without any luck:
a. add a trusted domain o PDC membership, but the PDC uses the the long dn;
b. create the sambaTrustedDomainPassword oc, but requires attributes I 
don't know how initialize (like previous clear passwd, etc.)

May some one enlighten me a bit?

Thanks in advance,

Dr. Ignacio Coupeau
Systems and Network Services Director
IT Services
University of Navarra 
Pamplona, SPAIN       

More information about the samba-technical mailing list