Dear all,

I have a system running a Samba PDC with LDAP; the Samba version is 3.0.21 and the OpenLDAP version is 2.2.13. I have another Linux system running Samba 3.0.10, which is a member server of the Samba PDC. On the member server I have configured nss_ldap and ldap.conf to point to the LDAP server on the Samba PDC. The LDAP server on the Samba PDC is configured for simple bind.

I have been getting the following errors:

1) On the member server, when I issue the command net rpc info, I get the following error:
rpc_parse/parse_prs.c prs_mem_get(537) prs_mem_get: reading data size 14418130 would overrun buffer
What does this error mean?

2) On the domain member server I get the error:
nss_wins ldap_simple_bind can't contact LDAP server

3) Often, in /var/log/message on the Samba PDC, I get the following error:
init_sam_from_ldap , Failed to get password history for user

4) On the Samba PDC, with LDAP, I get the following errors:
slapd[] bdb_equality_candidates : (uid) index_param failed
bdb_equality_candidates : (sambaGroupType) index_param failed
I believe these errors mean that there is some indexing problem in the slapd.conf file on my Samba PDC, but I am unable to figure out exactly what is causing it.
my slapd.conf of samba pdc is
###################################################################
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

# NOTE(review): accepts LDAPv2 bind requests in addition to LDAPv3; keep only
# if a client still needs the older protocol.
allow bind_v2

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=msdpl,dc=com"
rootdn "cn=manager,dc=msdpl,dc=com"
# NOTE(review): the rootdn password is stored here in cleartext. slapd.conf(5)
# also accepts a hashed value as produced by slappasswd, and the file should be
# readable only by the account slapd runs as. The rootdn is not subject to the
# access rules below.
rootpw secret
# NOTE(review): idle client connections are closed after 30 seconds. Clients
# that hold a connection open (presumably nss_ldap on the member server) may
# report the server as unreachable afterwards - possibly related to item 2 in
# the post; confirm.
idletimeout 30
timelimit 30
directory /var/lib/ldap

# NOTE(review): no index line below names uid or sambaGroupType, the two
# attributes quoted in the bdb_equality_candidates messages in the post.
# "index default sub" only sets the index types used by index lines that omit
# them; it does not index every attribute. Presumably adding eq indexes for
# those attributes and rebuilding with slapindex while slapd is stopped
# resolves the messages - confirm against slapd.conf(5) for this version.
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index loginShell eq,pres
index nisMapName,nisMapEntry eq,pres,sub
index displayName eq,pres,sub
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index default sub

# Password-related attributes: anonymous clients may only authenticate against
# them, and everyone not listed gets no access.
# NOTE(review): a "by dn=" clause is compared with the DN the client bound as.
# The DNs under ou=Groups look like group entries; group membership is
# expressed with a "by group=" clause (see slapd.access(5)), so as written
# these clauses presumably match nobody - confirm intent. If they are turned
# into group clauses, Domain Users and Domain Guests would gain write access to
# every account's password hashes, which is broader than needed.
# NOTE(review): sambaPasswordHistory and other samba* attributes are not in
# this list, so a later rule decides who can read them.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
    by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Domain Users,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Domain Guests,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Print Operators,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Backup Operators,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Replicators,ou=Groups,dc=msdpl,dc=com" write
    by anonymous auth
    by * none

# some attributes need to be readable anonymously so that 'id user' can answer correctly
access to attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
    by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
    by * read

# some attributes can be writable by users themselves
# NOTE(review): no "by self" clause appears in this rule, so as written users
# cannot change these attributes on their own entry.
access to attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
    by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
    by * read

# some attributes need to be writable for samba
access to dn.base="dc=msdpl,dc=com"
    by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
    by dn="uid=kk1438,ou=People,dc=msdpl,dc=com" write
    by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
    by * none

# samba needs to be able to create new user accounts
# NOTE(review): this and the next two rules use dn= without a style qualifier;
# whether they cover the entries beneath each container or only the container
# entry itself depends on the default dn style of this slapd version - confirm
# in slapd.access(5). Entries they do not cover fall through to the final rule.
access to dn="ou=People,dc=msdpl,dc=com"
    by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
    by * none

# samba needs to be able to create new group accounts
access to dn="ou=Groups,dc=msdpl,dc=com"
    by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
    by * none

# samba needs to be able to create new computer accounts
access to dn="ou=Computers,dc=msdpl,dc=com"
    by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
    by dn="uid=kk1438,ou=People,dc=msdpl,dc=com" write
    by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
    by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
    by * none

# NOTE(review): catch-all rule - anything not matched by a rule above is
# readable by every client, including anonymous ones. Check which samba*
# attributes end up here.
access to *
    by * read

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
#     bindmethod=sasl saslmech=GSSAPI
#     authcId=host/ldap-master.example.com@EXAMPLE.COM
###################################################################
my samba pdc with LDAP, smb.conf file is
##################################################################
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings ====================================
[global]
workgroup = msdpl.com
netbios name = medhapdc
# Account database is read from LDAP over a plain ldap:// URL (see "ldap ssl" below).
passdb backend = ldapsam:ldap://msdpl.com
server string = Domain Controller
# Only these subnets and loopback may connect.
hosts allow = 192.168.128. 192.168.129. 192.168.130. 127.
security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0, lo
printing = cups
disable spoolss = Yes
printcap name = cups
max print jobs = 100
enable privileges = yes
password level = 8
username level = 8
bind interfaces only = yes
local master = Yes
os level = 65
domain master = yes
preferred master = yes
null passwords = no
hide unreadable = yes
hide dot files = yes
domain logons = yes
logon script = %u.bat
# NOTE(review): no "=" follows this parameter in the posted text; either an
# empty value was lost in the paste or the line is malformed - check with testparm.
logon path
logon drive = X:
logon home = \\medhapdc\%U
wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no
time server = yes
log file = /var/log/samba/%m.log
max log size = 50
nt acl support = yes
ldap passwd sync = yes
# Account management is delegated to the smbldap-tools scripts.
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
ldap delete dn = Yes
# NOTE(review): with TLS off and a simple bind (as stated in the post), the
# admin DN password and the sambaLMPassword/sambaNTPassword hashes travel
# unencrypted between Samba and slapd. That is contained only if ldap://msdpl.com
# resolves to this same host - confirm; otherwise consider "ldap ssl = start tls".
ldap ssl = no
ldap suffix = dc=msdpl,dc=com
# NOTE(review): this is the same DN as the rootdn in the slapd.conf above, so
# Samba binds with an identity that slapd exempts from its access rules. A
# dedicated DN limited by those rules would narrow what this credential can do.
ldap admin dn = cn=manager,dc=msdpl,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://msdpl.com
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = yes
winbind use default domain = no
template shell = /bin/false

######################################################[Share Definitions]###########################################
[homes]
comment = Home Directories
valid users = %S
browseable = no
read only = no
nt acl support = Yes

# Un-comment the following and create the netlogon directory for Domain Logons
# NOTE(review): guest access is enabled on this share, so the logon scripts are
# readable without authentication; they should not contain credentials.
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon/scripts
guest ok = yes
browseable = no
write list = root

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
# NOTE(review): guest access is enabled here as well, so unauthenticated
# clients from the allowed subnets can submit print jobs - confirm this is intended.
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0600
guest ok = Yes
printable = yes
use client driver = Yes
browseable = no
##################################################################