[Samba] samba 3.4.3 DC breaks Windows groups

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed Nov 25 11:14:02 MST 2009


I added the index.  (The Sun DS Admin guide has pretty simple 
instructions on doing this.)

I also added some additional indexes as per the following

http://wiki.samba.org/index.php/2.0:_Configuring_LDAP

Unfortunately did not resolve the problem.


It does look like I have the 3.0 schema installed.  The samba source 
directory includes a 3.2 version.

examples/LDAP/samba-schema-netscapeds5.x.
(The Sun Directory server is derived from the Netscape DS.)


I may try updating this off-hours.

Thanks



On 11/25/09 03:41, Jan Wenzel wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Gaiseric Vandal schrieb:
>    
>> I assume an index is not an actual LDAP attribute or object like
>> sambaSID but is more like a database index for optimizing searches?
>>      
> You're right :) But in some cases like substring search (samba searches
> i.e. for sambaSID=S-1-5-32-* to get the local groups) they are needed to
> get results. I don't know where to configure the indexes exactly in SDS,
> but I'm sure it is possible.
>
>
>    
>> I use Sun's Directory Server (LDAP server) as the backend.  I use Apache
>> Directory Studio for managing objects and attributes with in ldap.    I
>> should be able to use Sun's web-based console for creating the indexes.
>>
>> Is there something I need to specify in smb.conf to tell Samba to use
>> the index?
>>      
> Samba does not know anything about the configuration details of the LDAP
> server,
> it only talks LDAP - so it should instantly show groups when the index
> is present.
>
>    
>> I also noticed that if I try to compile samba with Active Directory
>> support, configure fails with
>>
>> configure: error: Active Directory support requires ldap_initialize
>>      
> I would prefer to use the prebuilt linux packages from ftp.sernet.de (if
> you have a linux system).
>
>    
>> Since sun has ldap client support included in the OS I do not have
>> openldap installed.    I don't need Active Directory but it makes me
>> suspect that there may be some other ldap compatibility issues when
>> using Sun ldap client vs Openldap client.
>>
>>
>> Thanks
>>      
> HTH
> Jan
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAksM7Z0ACgkQzaoFHMzBsBplVwCcCCaCYgq87CWuGmjxvpS/ox/k
> WdQAn19bryFfw+aWa7TMUZZCzU2UKHsN
> =4Old
> -----END PGP SIGNATURE-----
>    



More information about the samba mailing list