Glenn Arnold
2004-Sep-02 01:42 UTC
[Samba] smbldap_search_suffix: Problem during the LDAP search
Hello,
I need some help with the following errors that I have in my log.smbd:
[2004/09/01 21:14:39, 0] lib/smbldap.c:smbldap_search_suffix(1126)
smbldap_search_suffix: Problem during the LDAP search: (Size limit
exceeded)
[2004/09/01 21:14:39, 0] passdb/pdb_ldap.c:ldapsam_setsampwent(1078)
ldapsam_setsampwent: LDAP search failed: Size limit exceeded
[2004/09/01 21:14:39, 0]
rpc_server/srv_samr_nt.c:load_sampwd_entries(232)
load_sampwd_entries: Unable to open passdb.
I notice the problem Monday. If I use User Manager to view user in my
Samba-LDAP PDC I get the following error "The stub received bad data"
Then I get the prompt "Do I want to select another domain to
administer". If I run Server Manager I get the same error. One problem
I discovered was that I had exceeded the size limit for openldap search.
The default SIZELIMIT 500 I increased the size to 10000 which I thought
this would solve the problem which it has not. I can login to domain
with and access resource on the server with no problems. I search this
list and google and did not come up with anything conclusive. I am
running samba 3.04, openldap-2.1.22-8, and Redhat AS 3.0. Any insight
on these errors would be appreciated. Here is smb.conf
[global]
netbios name = HSFNP01
workgroup = MTHCS
server string security = user
os level = 64
domain master = yes
local master = yes
preferred master = yes
time server = yes
#passdb backend = tdbsam
ldappasswd sync =yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=samba,ou=DSA,dc=mthcs,dc=net
#ldap admin dn = cn=Manager,dc=mthcs,dc=net
ldap suffix = dc=mthcs,dc=net
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap ssl = no
unix extensions = yes
encrypt passwords = yes
domain logons = yes
logon script = logon.bat
logon drive = H:
logon home = \\%L\%U
logon path socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
SO_RCVBUF=8192
SO_SNDBUF=8192
wins support = no
wins server = 10.100.0.10
veto files = /*.eml/*.nws/riched20.dll/
lanman auth = yes
add user script = /usr/local/sbin/smbldap-useradd -m %u
delete user script = /usr/local/sbin/smbldap-userdel %u
ldap delete dn = yes
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupadd "%g"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/local/sbin/smbldap-usermod -g
"%g"
"%u"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g"
"%u"
dos charset = 850
unix charset = ISO8859-1
oplocks = yes
load printers = yes
printing = cups
printer admin = Administrator, @Domain Admins
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = -
winbind use default domain = No
[netlogon]
path = /smbsrvr/netlogon/scripts
browsable = no
guest ok = yes
write list = Domain Admins
[homes]
comment = Home Directories
browseable = no
read only = no
hide dot files = yes
veto files /*.mp3/*.exe/*.com/*.js/*.bat/*.cmd/*.wsh/*.lnk/*.scr/*.zip/.*/
dos file times = yes
[C$]
valid users = @root
path = /smbsrvr
read only = no
create mask = 0770
directory mask = 0770
force group = Domain Admins
force directory mode = 0770
dos file times = yes
[Apps]
read only = no
path = /smbsrvr/Apps
create mask = 0770
directory mask = 0770
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
inherit permissions = yes
[Students]
path = /smbsrvr/Students
read only = no
create mask = 0770
directory mask = 0770
force group = hsstudents
force create mode = 0770
force directory mode = 0770
dos filetimes = yes
[AdminTools$]
path = /smbsrvr/AdminTools
read only = no
dos filetimes = yes
[printers]
comment = All Printers
path = /var/spool/samba
printable = yes
browseable = no
guest ok = yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
browseable = yes
guest ok = no
read only = yes
write list = root, @ntadmin
#[%G]
#path = /home/groups/%G/
#read only = no
#force group = %G
[home$]
writeable = yes
write list = +ntadmin,@"MTHS-Domain Admins",@ntadmin,@root
path = /home
force directory mode = 0770
force group = +ntadmin
dos file times = yes
create mask = 0770
directory mask = 0770
valid users = +ntadmins,+root,@"MTHS-Domain
Admins",@ntadmin,@root
[ezaudit]
path = /smbsrvr/ezaudit
read only = no
browsable = no
guest ok = yes
[HSGUIDANCE]
path = /smbsrvr/Guidance
read only = no
dos filetimes = yes
[HS PRINCIPAL]
path = /smbsrvr/hsprincipal
read only = no
dos filetimes = yes
[CIP]
path = /smbsrvr/CIP
read only = no
dos filetimes = yes
[POISE ISSUES]
path = /smbsrvr/Poise Issues
read only = no
dos filetimes = yes
[HSDISCIPLINE]
path = /smbsrvr/Discipline
read only = no
dos filetimes = yes
[YEARBOOK]
path = /smbsrvr/yearbook
read only = no
dos filetimes = yes
[INSTALL]
comment = Mt. Healthy Software
path = /smbsrvr/Install
read only = No
guest only = Yes
[ADMINTOOLS$]
path = /smbsrvr/AdminTools
read only = no
dos filetimes = yes
[hsstudents]
path = /home/hsstudents
read only = no
dos filetimes = yes
[hsstaff]
path = /home/hsstaff
read only = no
dos filetimes = yes
[hsbuilding]
path = /home/hsbuilding
read only = no
dos filetimes = yes
Thanks for your help!
-Glenn
Gerald (Jerry) Carter
2004-Sep-02 15:19 UTC
[Samba] smbldap_search_suffix: Problem during the LDAP search
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Glenn Arnold wrote: | Hello, | | I need some help with the following errors that I | have in my log.smbd: | | smbldap_search_suffix: Problem during the LDAP search: | (Size limit exceeded) | ldapsam_setsampwent: LDAP search failed: Size | limit exceeded | load_sampwd_entries: Unable to open passdb. | | I am running samba 3.04, openldap-2.1.22-8, and Redhat | AS 3.0. Any insight on these errors would be appreciated. Looks like you are hittiong the server's size limit for any given search. You can try dumping up the limit in slapd.conf as a temporary workaround. This is something we should fix (use the PagedSearchControl or such). cheers, jerry - --------------------------------------------------------------------- Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song"--Switchfoot (2003) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBNznuIR7qMdg1EfYRApMwAKCnhkRnXZcY9xni84hlIaXzWKeOPgCfXLTd odfMkbeFPS48s3/GcKVvfKI=d/qN -----END PGP SIGNATURE-----
Apparently Analagous Threads
- Samba 3.0.5 pre1 cannot ad windows xp machine to domain
- User Manger for Domains can not reset user password.
- Samba 3.0 PDC, exchange 5.5 installing service pack 4 fails.
- LDAP search failed: Size limit exceeded
- Win95 on a Samba3+LDAP domain on a Debian box