[Samba] smbldap_search_suffix: Problem during the LDAP search

Glenn Arnold garnold at unrealsolutions.com
Thu Sep 2 01:42:19 GMT 2004 

Hello,

I need some help with the following errors that I have in my log.smbd:

[2004/09/01 21:14:39, 0] lib/smbldap.c:smbldap_search_suffix(1126)
  smbldap_search_suffix: Problem during the LDAP search:  (Size limit
exceeded)
[2004/09/01 21:14:39, 0] passdb/pdb_ldap.c:ldapsam_setsampwent(1078)
  ldapsam_setsampwent: LDAP search failed: Size limit exceeded
[2004/09/01 21:14:39, 0]
rpc_server/srv_samr_nt.c:load_sampwd_entries(232)
  load_sampwd_entries: Unable to open passdb.

I notice the problem Monday.  If I use User Manager to view user in my
Samba-LDAP PDC I get the following error "The stub received bad data"
Then I get the prompt "Do I want to select another domain to
administer".  If I run Server Manager I get the same error.  One problem
I discovered was that I had exceeded the size limit for openldap search.
The default SIZELIMIT  500 I increased the size to 10000 which I thought
this would solve the problem which it has not.  I can login to domain
with and access resource on the server with no problems.  I search this
list and google and did not come up with anything conclusive.  I am
running samba 3.04, openldap-2.1.22-8, and Redhat AS 3.0.  Any insight
on these errors would be appreciated.  Here is smb.conf

[global]
netbios name = HSFNP01
workgroup = MTHCS
server string =
security = user
os level = 64
domain master = yes
local master = yes
preferred master = yes
time server = yes
#passdb backend = tdbsam
ldappasswd sync =yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=samba,ou=DSA,dc=mthcs,dc=net
#ldap admin dn = cn=Manager,dc=mthcs,dc=net
ldap suffix = dc=mthcs,dc=net
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap ssl = no
unix extensions = yes
encrypt passwords = yes
domain logons = yes
logon script = logon.bat
logon drive = H:
logon home = \\%L\%U
logon path =
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
wins support = no
wins server = 10.100.0.10
veto files = /*.eml/*.nws/riched20.dll/
lanman auth = yes
add user script = /usr/local/sbin/smbldap-useradd -m %u
delete user script = /usr/local/sbin/smbldap-userdel %u
ldap delete dn = yes
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupadd "%g"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-usermod -g "%g"
"%u"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
dos charset = 850
unix charset = ISO8859-1
oplocks = yes
load printers = yes
printing = cups
printer admin = Administrator, @Domain Admins
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = -
winbind use default domain = No

[netlogon]
path = /smbsrvr/netlogon/scripts
browsable = no
guest ok = yes
write list = Domain Admins

[homes]
comment = Home Directories
browseable = no
read only = no
hide dot files = yes
veto files =
/*.mp3/*.exe/*.com/*.js/*.bat/*.cmd/*.wsh/*.lnk/*.scr/*.zip/.*/
dos file times = yes

[C$]
valid users = @root
path = /smbsrvr
read only = no
create mask = 0770
directory mask = 0770
force group = Domain Admins
force directory mode = 0770
dos file times = yes

[Apps]
read only = no
path = /smbsrvr/Apps
create mask = 0770
directory mask = 0770
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
inherit permissions = yes

[Students]
path = /smbsrvr/Students
read only = no
create mask = 0770
directory mask = 0770
force group = hsstudents
force create mode = 0770
force directory mode = 0770
dos filetimes = yes

[AdminTools$]
path = /smbsrvr/AdminTools
read only = no
dos filetimes = yes

[printers]
comment = All Printers
path = /var/spool/samba
printable = yes
browseable = no
guest ok = yes

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
browseable = yes
guest ok = no
read only = yes
write list = root, @ntadmin


#[%G]
#path = /home/groups/%G/
#read only = no
#force group = %G

[home$]
        writeable = yes
        write list = +ntadmin,@"MTHS-Domain Admins", at ntadmin, at root
        path = /home
        force directory mode = 0770
        force group = +ntadmin
        dos file times = yes
        create mask = 0770
        directory mask = 0770
        valid users = +ntadmins,+root,@"MTHS-Domain
Admins", at ntadmin, at root

[ezaudit]
path = /smbsrvr/ezaudit
read only = no
browsable = no
guest ok = yes

[HSGUIDANCE]
path = /smbsrvr/Guidance
read only = no
dos filetimes = yes

[HS PRINCIPAL]
path = /smbsrvr/hsprincipal
read only = no
dos filetimes = yes

[CIP]
path = /smbsrvr/CIP
read only = no
dos filetimes = yes

[POISE ISSUES]
path = /smbsrvr/Poise Issues
read only = no
dos filetimes = yes

[HSDISCIPLINE]
path = /smbsrvr/Discipline
read only = no
dos filetimes = yes

[YEARBOOK]
path = /smbsrvr/yearbook
read only = no
dos filetimes = yes

[INSTALL]
comment = Mt. Healthy Software
path = /smbsrvr/Install
read only = No
guest only = Yes

[ADMINTOOLS$]
path = /smbsrvr/AdminTools
read only = no
dos filetimes = yes

[hsstudents]
path = /home/hsstudents
read only = no
dos filetimes = yes

[hsstaff]
path = /home/hsstaff
read only = no
dos filetimes = yes

[hsbuilding]
path = /home/hsbuilding
read only = no
dos filetimes = yes

Thanks for your help!
-Glenn

More information about the samba mailing list