How to test samba LDAP parameters with openldap tools, eg ldapsearch?

Rowland Penny rpenny at
Wed Apr 12 12:51:08 UTC 2023

On 12/04/2023 13:37, Jan Andersen wrote:
> Hi Rowland,
> I noticed something odd about the logs: it seems smbd generates one both 
> for the workstation's name and one for its IP address - I didn't attach 
> the latter, so here it is. It seems to have more detail.
> Jan
> On 12/04/2023 12:06, Rowland Penny via samba-technical wrote:
>> On 12/04/2023 11:39, Jan Andersen wrote:
>>> Hi Rowland,
>>> Thank you for replying. I wiped the existing logs, changed the smbd 
>>> service to include '-d 10' and restarted, so I would have logs 
>>> without too much noise - please find them attached along with smb.conf
>> You appear to be running Samba as a standalone server with an ldap 
>> backend, are you aware that such a setup is two parameters away from 
>> being a PDC ? If you comment out 'server role = standalone server' and 
>> add 'domain logons = yes', it becomes a PDC and a PDC (from 4.8.0) 
>> requires winbind to be running.
>> Rowland

Before Samba 4.8.0 , smbd could directly connect to the domain 
controller, from 4.8.0 smbd now needs to go via winbind.
Now I know that you are not strictly running a PDC, but what you are 
running is the next thing to it, so I presume that you need to run 
winbind, you do not need to configure anything, just run winbind.

Whatever happens, you should be aware that Samba is working to remove 
SMBv1 and things like PDC's with it.

One thing I did notice from that last log, you are not using SMBv1, try 
adding these lines to the smb.conf:

server min protocol = NT1
client min protocol = NT1


More information about the samba-technical mailing list