[Samba] Problems with Samba after upgrading to v4 and changing LDAP-backend from OpenLDAP to 389

Alexander Harm || ApfelQ alexander.harm at apfelq.com
Wed Sep 21 09:57:26 UTC 2022


I was wondering if anyone ran into the same issue and maybe has a solution for me. In short:

- we were running SLES 11 with Samba 3.6.3 as NT4 PDC and OpenLDAP backend: working fine
- we upgraded to SLES 15 with Samba 4.13.13 as NT4 PDC and old OpenLDAP backend: working fine
- now we migrated from OpenLDAP to 389 and things start to break

LDAP seems to work in principle: “pdbedit -L” is successful. However, running “pdbedit -Lv username” returns an error: “Failed to find a Unix account for username” and “Primary Group SID: (NULL SID)”.

So I guess the idmap is messed up?

Actually I’m not sure how the idmap is stored in LDAP since both idmap-OUs look the same to me (empty) on the old OpenLDAP and new 389.

Any hints/advice?

