[Samba] Samba+LDAP problem after replacing BDC

Rowland Penny rpenny at samba.org
Wed Aug 22 14:09:37 UTC 2018 

On Wed, 22 Aug 2018 15:34:04 +0200
Ludovit Koren <ludovit.koren at gmail.com> wrote:

From: Ludovit Koren <ludovit.koren at gmail.com>
To: Rowland Penny via samba <samba at lists.samba.org>
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] Samba+LDAP problem after replacing BDC
Date: Wed, 22 Aug 2018 15:34:04 +0200
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (berkeley-unix)

>>>>> Rowland Penny via samba <samba at lists.samba.org> writes:  

> On Wed, 22 Aug 2018 13:53:23 +0200
> Ludovit Koren via samba <samba at lists.samba.org> wrote:  

>> 
>> Hi,
>> 
>> I had a working enviroment of one PDC and several BDCs. The PDC is
>> Samba version 3.6.6. After replacing of one BDC, I've started to get
>> the following error in LDAP master server:
>> 
>> Aug 22 13:44:59 gw slapd[28598]: conn=46129 op=51 do_search:
>> invalid dn (sambaDomainName=Administrator,(null))
>> 
>> and on the PDC:
>> 
>> root@:~# net getlocalsid
>> smbldap_search_domain_info: Adding domain info for XXX failed
>> with NT_STATUS_UNSUCCESSFUL SID for domain XXX-SERVER is:
>> S-1-5-21-967619648-2110556011-518741233
>> 
>> I cannot add any new computer to the domain. Everything else
>> seems to be working.
>> 
>> I did not find any hint to the error. Could you point what the
>> problem could be?
>> 
>> Thank you very much in advance.
>> 
>> Regards,
>> 
>> lk
>>   

> Can you post your smb.conf.  

> [smb.conf  application/octet-stream (13106 bytes)] 

There is nothing really wrong there


>> what version of Samba is the new BDC using ?  

> /usr/sbin/smbd -V
> Version 4.2.14-Debian

>> From the number of posts we get on PDC problems and tests I
>> have done,  
>> I think that the changes required for AD might have broken
>> NT4-style > domains.  

>> Irrespective of the above, can I advise you to upgrade to AD,
>> Samba
>> 'might' have broken NT4-style domains by accident, but it looks
>> like > Microsoft is removing connection by design.  

Not sure where to go from here, apart from turning up the logs to 10
and seeing if anything pops out.

Rowland

More information about the samba mailing list