[Samba] Samba+LDAP problem after replacing BDC

Wed Aug 22 13:34:04 UTC 2018

>>>>> Rowland Penny via samba <samba at lists.samba.org> writes:

    > On Wed, 22 Aug 2018 13:53:23 +0200
    > Ludovit Koren via samba <samba at lists.samba.org> wrote:

    >> 
    >> Hi,
    >> 
    >> I had a working enviroment of one PDC and several BDCs. The PDC is
    >> Samba version 3.6.6. After replacing of one BDC, I've started to get
    >> the following error in LDAP master server:
    >> 
    >> Aug 22 13:44:59 gw slapd[28598]: conn=46129 op=51 do_search: invalid
    >> dn (sambaDomainName=Administrator,(null))
    >> 
    >> and on the PDC:
    >> 
    >> root@:~# net getlocalsid
    >> smbldap_search_domain_info: Adding domain info for XXX failed with
    >> NT_STATUS_UNSUCCESSFUL SID for domain XXX-SERVER is:
    >> S-1-5-21-967619648-2110556011-518741233
    >> 
    >> I cannot add any new computer to the domain. Everything else seems to
    >> be working.
    >> 
    >> I did not find any hint to the error. Could you point what the problem
    >> could be?
    >> 
    >> Thank you very much in advance.
    >> 
    >> Regards,
    >> 
    >> lk
    >> 

    > Can you post your smb.conf.

-------------- next part --------------

    > what version of Samba is the new BDC using ?

/usr/sbin/smbd -V
Version 4.2.14-Debian

    >> From the number of posts we get on PDC problems and tests I have done,
    > I think that the changes required for AD might have broken NT4-style
    > domains.


    > Irrespective of the above, can I advise you to upgrade to AD, Samba
    > 'might' have broken NT4-style domains by accident, but it looks like
    > Microsoft is removing connection by design.