[Samba] Problems with Samba after upgrading to v4 and changing LDAP-backend from OpenLDAP to 389

Rowland Penny rpenny at samba.org
Wed Sep 21 10:26:53 UTC 2022

On 21/09/2022 10:57, Alexander Harm || ApfelQ via samba wrote:
> Hi,
> I was wondering if anyone ran into the same issue and maybe has a solution for me. In short:
> - we were running SLES 11 with Samba 3.6.3 as NT4 PDC and OpenLDAP backend: working fine
> - we upgraded to SLES 15 with Samba 4.13.13 as NT4 PDC and old OpenLDAP backend: working fine

Why did you upgrade a PDC to another PDC?
Why didn't you upgrade to AD?
An NT4-style domain relies on SMBv1 and Samba is working hard to remove 
SMBv1, so you may get this working again, but it will only be a short 
term fix.

> - now we migrated from OpenLDAP to 389 and things start to break

Why upgrade something that works to an unknown quantity? 389 is very 
different to OpenLDAP.

> LDAP seems to work in principle: “pdbedit -L” is successful. However, running “pdbedit -Lv username” returns an error: “Failed to find a Unix account for username” and “Primary Group SID: (NULL SID)”.
> So I guess the idmap is messed up?
> Actually I’m not sure how the idmap is stored in LDAP since both idmap-OUs look the same to me (empty) on the old OpenLDAP and new 389.

Samba may not be using LDAP. Can we please see your smb.conf?

