[Samba] Samba 3.2 Ldap problem

Charlie medievalist at gmail.com
Thu Jul 3 18:08:38 GMT 2008


On Tue, Jul 1, 2008 at 8:16 PM, Ernesto Silva <silva at ort.edu.uy> wrote:
>
> A few days ago I installed OpenSuSE 11 Beta 2 on another server, it came
> with samba 3.2.0-18, so as I'm very lazy I copied the smb.conf file from the
> working server to the new one with little modifications like the netbios
> name and which shares it serves, say Server B. I'm connecting to the same
> LDAP server.

Did you copy over the secrets.tdb as well?  If not, you are going to
have to use "net setlocalsid" to set the machine SID to match the old
one, and "smbpasswd -w" to set the LDAP access password.  Samba tracks
users by SID now (which I don't like, personally, but it's something
that the Samba Team apparently had to do if they wanted to
interoperate with later versions of Microsoft's networking stack) so
your users will have SIDs that were created by the old system.

You also will want to put a "sub" index on the sambaSID attribute in
OpenLDAP's slapd.conf file if you haven't already done so.  Later
versions of samba need it... you get a nice efficiency boost.  Um, and
watch your search limits in OpenLDAP also - the "machine suffix" and
"user suffix" parameters in smb.conf are not applied as filters in the
searches that samba makes in LDAP, so search returns might be bigger
than you anticipate, and I'm not sure that samba can properly handle
an RFC-compliant paged LDAP search result like OpenLDAP might return.

I prefer using net setlocalsid and smbpasswd rather than just copying
over an old secrets.tdb - but use tdbdump on the old one to see if
there is anything else in there (like domain trust passwords) before
you decide.

--Charlie
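
The tdbdump check suggested at the end of the message above, as an added example that is not part of the original post: a shell function that reads tdbdump output and reports which kinds of entries are present, printing only key names and never the data values. The key prefixes are ones used in Samba's secrets.tdb; the function names, the sample dump and the names in it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list what kinds of secrets an old
# secrets.tdb holds, reading `tdbdump` output, without echoing data values.
# Real use: tdbdump /path/to/old/secrets.tdb | classify_secrets

classify_secrets() {
    # tdbdump prints each record as  key(N) = "..."  then  data(N) = "..."
    # Only key lines are kept; a trailing escaped NUL (\00) is trimmed.
    sed -n '/^key(/{s/^key([0-9]*) = "\(.*\)"$/\1/;s/\\00$//;p;}' |
    while IFS= read -r key; do
        name=${key#SECRETS/*/}      # part after SECRETS/<TYPE>/
        case "$key" in
            SECRETS/SID/*)              echo "sid $name" ;;
            SECRETS/LDAP_BIND_PW/*)     echo "ldap-bind-password $name" ;;
            SECRETS/MACHINE_PASSWORD/*) echo "machine-password $name" ;;
            'SECRETS/$DOMTRUST.ACC/'*)  echo "domain-trust-password $name" ;;
            *)                          echo "other $key" ;;
        esac
    done
}

# Constructed sample dump; every name and value here is made up.
sample_dump() {
    cat <<'EOF'
{
key(23) = "SECRETS/SID/EXAMPLEDOM\00"
data(17) = "not-a-real-secret"
}
{
key(47) = "SECRETS/LDAP_BIND_PW/cn=admin,dc=example,dc=org"
data(17) = "not-a-real-secret"
}
{
key(30) = "SECRETS/$DOMTRUST.ACC/OTHERDOM"
data(17) = "not-a-real-secret"
}
{
key(16) = "INFO/random_seed"
data(17) = "not-a-real-secret"
}
EOF
}
```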

