[Samba] Problems with Samba after upgrading to v4 and changing LDAP-backend from OpenLDAP to 389

Rowland Penny rpenny at samba.org
Wed Sep 21 10:26:53 UTC 2022



On 21/09/2022 10:57, Alexander Harm || ApfelQ via samba wrote:
> Hi,
> 
> I was wondering if anyone ran into the same issue and maybe has a solution for me. In short:
> 
> - we were running SLES 11 with Samba 3.6.3 as NT4 PDC and OpenLDAP backend: working fine
> - we upgraded to SLES 15 with Samba 4.13.13 as NT4 PDC and old OpenLDAP backend: working fine

Why did you upgrade a PDC to another PDC ?
Why didn't you upgrade to AD ?
An NT4-style domain relies on SMBv1 and Samba is working hard to remove 
SMBv1, so you may get this working again, but it will only be a short 
term fix.

> - now we migrated from OpenLDAP to 389 and things start to break

Why upgrade something that works to an unknown quantity, 389 is very 
different to Openldap.


> 
> LDAP seems to work in principle "pdbedit -L” is successful. However, running “pdbedit -Lv username” returns an error: “Failed to find a Unix account for username” and “Primary Group SID: (NULL SID)”.
> 
> So I guess the idmap is messed up?
> 
> Actually I’m not sure how the idmap is stored in LDAP since both idmap-OUs look the same to me (empty) on the old OpenLDAP and new 389.
> 

Samba may not be using ldap, can we please see your smb.conf

Rowland



More information about the samba mailing list