[Samba] samba 3.4.3 DC breaks Windows groups

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed Nov 25 11:14:02 MST 2009

I added the index.  (The Sun DS Admin guide has pretty simple 
instructions on doing this.)

I also added some additional indexes as per the following


Unfortunately did not resolve the problem.

It does look like I have the 3.0 schema installed.  The samba source 
directory includes a 3.2 version.

(The Sun Directory server is derived from the Netscape DS.)

I may try updating this off-hours.


On 11/25/09 03:41, Jan Wenzel wrote:
> Hash: SHA1
> Gaiseric Vandal schrieb:
>> I assume an index is not an actual LDAP attribute or object like
>> sambaSID but is more like a database index for optimizing searches?
> You're right :) But in some cases like substring search (samba searches
> i.e. for sambaSID=S-1-5-32-* to get the local groups) they are needed to
> get results. I don't know where to configure the indexes exactly in SDS,
> but I'm sure it is possible.
>> I use Sun's Directory Server (LDAP server) as the backend.  I use Apache
>> Directory Studio for managing objects and attributes with in ldap.    I
>> should be able to use Sun's web-based console for creating the indexes.
>> Is there something I need to specify in smb.conf to tell Samba to use
>> the index?
> Samba does not know anything about the configuration details of the LDAP
> server,
> it only talks LDAP - so it should instantly show groups when the index
> is present.
>> I also noticed that if I try to compile samba with Active Directory
>> support, configure fails with
>> configure: error: Active Directory support requires ldap_initialize
> I would prefer to use the prebuilt linux packages from ftp.sernet.de (if
> you have a linux system).
>> Since sun has ldap client support included in the OS I do not have
>> openldap installed.    I don't need Active Directory but it makes me
>> suspect that there may be some other ldap compatibility issues when
>> using Sun ldap client vs Openldap client.
>> Thanks
> Jan
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> iEYEARECAAYFAksM7Z0ACgkQzaoFHMzBsBplVwCcCCaCYgq87CWuGmjxvpS/ox/k
> WdQAn19bryFfw+aWa7TMUZZCzU2UKHsN
> =4Old

More information about the samba mailing list