smbldap_open: cannot access LDAP when not root..

Дейтер Александр Валерьевич tiamat at komi.mts.ru
Mon Oct 6 14:32:29 GMT 2003


i have a problem with today SAMBA_3_0 from cvs.

On Win2k right click on any file, select Properties -> Security->Add->add in
list any domain group, press OK, in samba logs i see:

[2003/10/06 17:55:01, 0, effective(2019, 2513), real(0, 0)]
lib/smbldap.c:smbldap_open(799)
  smbldap_open: cannot access LDAP when not root..
[2003/10/06 17:55:01, 1, effective(2019, 2513), real(0, 0)]
lib/smbldap.c:smbldap_retry_open(888)
  Connection to LDAP Server failed for the 1 try!
[2003/10/06 17:55:01, 0, effective(2019, 2513), real(0, 0)]
passdb/pdb_ldap.c:ldapsam_setsamgrent(2066)
  ldapsam_setsamgrent: LDAP search failed: Insufficient access
[2003/10/06 17:55:01, 0, effective(2019, 2513), real(0, 0)]
passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2131)
  ldapsam_enum_group_mapping: Unable to open passdb

On adding any domain user all OK.

My domain groups:

# net groupmap list
Domain Users (S-1-5-21-1181159076-3096580900-1627230250-513) -> users
Domain Guests (S-1-5-21-1181159076-3096580900-1627230250-514) -> guests
Domain Computers (S-1-5-21-1181159076-3096580900-1627230250-515) ->
computers
Domain Cboss (S-1-5-21-1181159076-3096580900-1627230250-1667) -> cboss
Domain Admins (S-1-5-21-1181159076-3096580900-1627230250-512) -> wheel

smb.conf:

[global]
        dos charset = 866
        unix charset = KOI8-R
        display charset = KOI8-R
        workgroup = KOMI
        passdb backend = ldapsam
        guest account = guest
        log level = 1
        log file = /var/log/samba/%m.log
        max log size = 50000
        name resolve order = wins host bcast
        time server = Yes
        domain logons = Yes
        os level = 133
        enhanced browsing = No
        wins server = x.x.x.x
        ldap suffix = dc=komi,dc=mts,dc=ru
        ldap machine suffix = ou=Computers,dc=komi,dc=mts,dc=ru
        ldap user suffix = ou=People,dc=komi,dc=mts,dc=ru
        ldap group suffix = ou=Group,dc=komi,dc=mts,dc=ru
        ldap idmap suffix = dc=komi,dc=mts,dc=ru
        ldap admin dn = cn=ldapmanager,dc=komi,dc=mts,dc=ru
        ldap ssl = no
        ldap delete dn = Yes
        admin users = @wheel
        printer admin = @wheel
        use sendfile = Yes

Any ideas?

Thanks!




More information about the samba-technical mailing list