[Samba] Srvtools causes smbldap_open: cannot access LDAP when not root - SOLUTION

Doug Campbell doug at bpta.net
Tue Mar 1 09:28:39 GMT 2005


Thanks to those of you who responded.  Andrew Bartlett came through with the
answer I needed to hear, which was that I was trying to do something that
wasn't supported.

>>>> I am it has two weeks trying to twirl the PDC with samba + LDAP and ties
>>>> the moment only migraines. It would like to know which is the problem,
>>>> now, below described in mine log's?
>>>
>>> What user are you trying to use to join the domain?  It must either be
>>> root (Samba < 3.0.11) or a user with the SeMachineAccount privilege
>>> (Samba >= 3.0.11).
>>>
>>> Andrew Bartlett
>>
>> Is it also true in Samba < 3.0.11 that only root can add users/groups
>> and make modifications using the SRVTOOLS package?
>
>Correct.

Thanks Andrew for the answer!

Doug

> -----Original Message-----
> From: samba-bounces+doug=bpta.net at lists.samba.org
> [mailto:samba-bounces+doug=bpta.net at lists.samba.org]On Behalf Of Tony
> Earnshaw
> Sent: Monday, February 28, 2005 9:41 PM
> To: samba at lists.samba.org
> Subject: RE: [Samba] Srvtools causes smbldap_open: cannot access LDAP
> when not root
>
>
>
> Doug Campbell:
>
> [...]
>
> >>> smbldap_open: cannot access LDAP when not root...
>
> [...]
>
> >> As which user (Unix) is slapd (presume this is OpenLDAP) running?
> >> Do you have an 'ldap admin dn' entry in smb.conf with rights to all LDAP
> >> ACLs?
> >>
> >>
> >> I.e., I don't have this problem with Samba 3.0.11/OL 2.2.17-23 and
> >> didn't with 3.0.7, either.
> >
> > My smb.conf file does have the ldap admin dn entry.  The relevant section
> > of my smb.conf file is as follows:
>
> [...]
>
> Again, as which Unix user is slapd running? Who is the owner of your DB
> files, config files, etc.? What are the permissions on them? Have you
> certificates (i.e. the CA cert) or anything that smbd has to try to read
> that can only be read by root? Is "cn=Manager,dc=swro,dc=local" a proxy
> user in your DIT, or the rootdn user in slapd.conf (it's better to make a
> proxy user in the DIT and comment out the rootdn). Can a normal user run
> ldapsearch, for example, without being root? Etc. ;)
>
>
> --Tonni
>
> --
> mail: tonye at billy.demon.nl
> http://www.billy.demon.nl
>