# problem with ldap password backend



## belcayre (Nov 21, 2012)

Hi all,
I am trying to migrate my old PDC (samba + openldap server + smbldap tools) to a new PDC (last stable version of FreeBSD 9, samba 3.6, openldap server 24 + smbldap tools).


```
# Use LDAP as the backend
passdb backend = ldapsam:ldap://127.0.0.1/
ldap suffix = dc=iutge1,dc=ujf-grenoble,dc=fr
ldap admin dn = "cn=samba,ou=DSA,dc=iutge1,dc=ujf-grenoble,dc=fr"
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap passwd sync = yes
ldap delete dn = no
```

So I saved the LDAP base on my old PDC and restored it on my new PDC with slapcat and slapadd. After that I ran slapindex, then smbldap-populate. And I defined the password with smb-passwd -w.

I see all my accounts with *ldapsearch* and *smbldap-userlist* and all my groups with *smbldap-grouplist*.

I can join pc to the domain with root account, but other accounts don't work.

`# pdbedit -L`
shows "user search failed", and with *net rpc info* I have my 8 groups but 0 users.

Can someone please help me or give me clues, because I can't find a solution.

Thanks for learning.


----------



## belcayre (Nov 21, 2012)

I forgot to say that *smbd* and *nmbd* are running, as is *slapd*. And *ldapsearch* returns this at the end of the command:

```
# search result
search: 2
result: 4 Size limit exceeded

# numResponses: 501
# numEntries: 500
```
but I don't know why.


----------



## mamalos (Nov 21, 2012)

belcayre said:

> ```
> # search result
> search: 2
> result: 4 Size limit exceeded
> ...
> ```



This is because your slapd.conf has an entry (or default value) of 500 with respect to the result-set size. You can edit it by setting:

```
sizelimit 1000
```
in your slapd.conf, or whatever value suits you. As far as your initial problem is concerned, are you sure that nothing has changed in your OpenLDAP ACL configuration? Have you double-checked that ou=Users,dc=iutge1,dc=ujf-grenoble,dc=fr is accessible from your samba-ldap user and returns your users list?
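
The check suggested above, as an added example that is not part of the original posts: bind as the Samba LDAP DN, search the Users OU, and classify the trailer that ldapsearch prints. The `sambaSamAccount` filter, the function names and the verdict strings are assumptions; the sample trailer is the one posted earlier in this thread.

```shell
#!/bin/sh
# Added example: classify the trailer that ldapsearch prints after a search.
# Real run (prompts for the bind password), using the DNs from the smb.conf
# posted in this thread; the filter is an assumption:
#   ldapsearch -x -H ldap://127.0.0.1/ -W \
#     -D "cn=samba,ou=DSA,dc=iutge1,dc=ujf-grenoble,dc=fr" \
#     -b "ou=Users,dc=iutge1,dc=ujf-grenoble,dc=fr" \
#     "(objectClass=sambaSamAccount)" uid | check_ldap_trailer

# Reads ldapsearch output on stdin and prints one verdict line.
# Exit status: 0 = usable result, 1 = problem found, 2 = no result line seen.
check_ldap_trailer() {
    awk '
        /^result: /       { code = $2 }      # LDAP result code of the search
        /^# numEntries: / { entries = $3 }   # absent when nothing was returned
        END {
            if (code == "")  { print "NO_RESULT"; exit 2 }
            # 4 = sizeLimitExceeded: the server cut the result set short
            if (code == 4)   { print "TRUNCATED entries=" (entries + 0); exit 1 }
            if (code != 0)   { print "ERROR code=" code; exit 1 }
            # Success with zero entries: wrong suffix, or ACLs hide the
            # entries from this bind DN
            if (entries + 0 == 0) { print "EMPTY"; exit 1 }
            print "OK entries=" (entries + 0)
        }'
}

# The trailer posted earlier in this thread, embedded so the script runs offline.
sample_truncated() {
    cat <<'EOF'
# search result
search: 2
result: 4 Size limit exceeded

# numResponses: 501
# numEntries: 500
EOF
}

sample_truncated | check_ldap_trailer || true
```

`TRUNCATED` points at the sizelimit setting, while `EMPTY` or `ERROR` under the Samba bind DN points at the suffix or ACL configuration.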


----------



## belcayre (Nov 28, 2012)

Hello, sorry for my late answer.
Thanks for the reply, this is the solution I have found and now it works perfectly.

Thanks for the help.


----------



## belcayre (Nov 29, 2012)

Out of curiosity, on my old PDC I have the following problem:

```
root@iutge1-pdc: ~ net rpc info
Enter root's password:
Could not connect to server IUTGE1-PDC
Connection failed: NT_STATUS_BAD_NETWORK_NAME
```

testparm is OK, I can mount CIFS shares but I can't join a computer to the domain. Any idea?

I looked at the permissions on my samba/home and there is no problem, and I don't find any information in the log files.


----------



## mamalos (Nov 29, 2012)

Such errors usually occur when hostname resolution does not work properly. Check your server's name in /etc/hosts, bind or nmbd to see if it is resolved correctly on the machine you're trying to connect from. Incorrect name resolution is one of the most common sources of trouble in Samba.


----------

