[Samba] smbldap_open: cannot access LDAP when not root

Louis van Belle louis at van-belle.nl
Wed Feb 1 13:04:13 GMT 2006


check the rights on 

libnss-ldap
libpam-ldap

set it to 644

Louis

 

>-----Oorspronkelijk bericht-----
>Van: samba-bounces+louis=van-belle.nl at lists.samba.org 
>[mailto:samba-bounces+louis=van-belle.nl at lists.samba.org] 
>Namens James Cort
>Verzonden: woensdag 1 februari 2006 13:07
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] smbldap_open: cannot access LDAP when not root
>
>I'm using Samba 3.0.14a as a PDC with an LDAP backend.
>
>I am having trouble using the Windows "User Manager for Domains" tool.
>
>As an example, I shall be looking at the "Domain Users" group. 
>Whenever 
>I try modifying anybody's group membership, I get the error message:
>
>  "The following error occurred changing the properties of the global 
>group Domain Users:
>
>The group name could not be found."
>
>I am running User Manager as a user with Domain Admin privileges.  
>Domain Admins have been granted every available right using 
>the net rpc 
>rights command.  Samba is definitely doing an LDAP search for 
>the group 
>and is getting sensible results (logs below).  The research I've done 
>suggests this may be a known issue, but generally with older versions 
>of Samba.
>
>Samba logs show a point which I'll mention here:
>
>[2006/02/01 11:33:46, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>
>
>
>The LDAP entry for the Domain Users group shows:
>
># Domain Users, Group, u4eatech.com
>dn: cn=Domain Users,ou=Group,dc=u4eatech,dc=com
>objectClass: posixGroup
>objectClass: sambaGroupMapping
>gidNumber: 513
>cn: Domain Users
>description: Netbios Domain Users
>sambaSID: S-1-5-21-2044582568-1589646193-1504741369-513
>sambaGroupType: 2
>displayName: Domain Users
>
>
>Domain Admin privs:
>
>elli ~ # net rpc -U jamesc rights list "U4EATECH\Domain Admins"
>Password:
>SeMachineAccountPrivilege
>SePrintOperatorPrivilege
>SeAddUsersPrivilege
>SeRemoteShutdownPrivilege
>SeDiskOperatorPrivilege
>
>
>In the Samba logs, I see the following error:
>
>
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:46, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:47, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:48, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:49, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:50, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:51, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:52, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:53, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:54, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:55, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:56, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:57, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:58, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:59, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:34:00, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:34:00, 0] 
>passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
>  ldapsam_search_one_group: Problem during the LDAP search: 
>LDAP error: 
>  (Timed out)
>
>
>LDAP Logs:
>
>
>Feb  1 11:37:30 cygnus_new slapd[30055]: conn=310691 op=62 SRCH 
>base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0 
>filter="(&(objectClass=sambaGroupMapping)(|(displayName=domain 
>users)(cn=domain users)))"
>Feb  1 11:37:30 cygnus_new slapd[30055]: conn=310691 op=62 SRCH 
>attr=gidNumber sambaSID sambaGroupType sambaSIDList description 
>displayName cn objectClass
>Feb  1 11:37:30 cygnus_new slapd[30055]: conn=310691 op=62 ENTRY 
>dn="cn=Domain Users,ou=Group,dc=u4eatech,dc=com"
>Feb  1 11:37:30 cygnus_new slapd[30055]: conn=310691 op=62 SEARCH 
>RESULT tag=101 err=0 nentries=1 text=
>Feb  1 11:37:30 cygnus_new slapd[8490]: conn=310691 op=63 SRCH 
>base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0 
>filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-204
>4582568-1589646193-1504741369-513))"
>Feb  1 11:37:30 cygnus_new slapd[8490]: conn=310691 op=63 SRCH 
>attr=gidNumber sambaSID sambaGroupType sambaSIDList description 
>displayName cn objectClass
>Feb  1 11:37:30 cygnus_new slapd[8490]: conn=310691 op=63 ENTRY 
>dn="cn=Domain Users,ou=Group,dc=u4eatech,dc=com"
>Feb  1 11:37:30 cygnus_new slapd[8490]: conn=310691 op=63 
>SEARCH RESULT 
>tag=101 err=0 nentries=1 text=
>Feb  1 11:37:30 cygnus_new slapd[26454]: conn=310772 op=2 UNBIND
>Feb  1 11:37:30 cygnus_new slapd[26454]: conn=310772 fd=30 closed
>Feb  1 11:37:30 cygnus_new slapd[12571]: conn=310793 fd=30 ACCEPT from 
>IP=172.30.1.22:59861 (IP=0.0.0.0:389)
>Feb  1 11:37:30 cygnus_new slapd[16367]: conn=310793 op=0 BIND 
>dn="cn=manager,dc=u4eatech,dc=com" method=128
>Feb  1 11:37:30 cygnus_new slapd[16367]: conn=310793 op=0 BIND 
>dn="cn=manager,dc=u4eatech,dc=com" mech=SIMPLE ssf=0
>Feb  1 11:37:30 cygnus_new slapd[16367]: conn=310793 op=0 
>RESULT tag=97 
>err=0 text=
>Feb  1 11:37:30 cygnus_new slapd[2070]: conn=310793 op=1 SRCH 
>base="ou=Group,dc=u4eatech,dc=com" scope=1 deref=0 
>filter="(&(objectClass=posixGroup)(gidNumber=513))"
>Feb  1 11:37:30 cygnus_new slapd[2070]: conn=310793 op=1 SRCH attr=cn 
>userPassword memberUid uniqueMember gidNumber
>Feb  1 11:37:30 cygnus_new slapd[2070]: conn=310793 op=1 ENTRY 
>dn="cn=Domain Users,ou=Group,dc=u4eatech,dc=com"
>Feb  1 11:37:30 cygnus_new slapd[2070]: conn=310793 op=1 SEARCH RESULT 
>tag=101 err=0 nentries=1 text=
>Feb  1 11:37:30 cygnus_new slapd[2069]: conn=310691 op=64 SRCH 
>base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0 
>filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-204
>4582568-1589646193-1504741369-513))"
>Feb  1 11:37:30 cygnus_new slapd[2069]: conn=310691 op=64 SRCH 
>attr=gidNumber sambaSID sambaGroupType sambaSIDList description 
>displayName cn objectClass
>Feb  1 11:37:30 cygnus_new slapd[2069]: conn=310691 op=64 ENTRY 
>dn="cn=Domain Users,ou=Group,dc=u4eatech,dc=com"
>Feb  1 11:37:30 cygnus_new slapd[2069]: conn=310691 op=64 
>SEARCH RESULT 
>tag=101 err=0 nentries=1 text=
>Feb  1 11:37:30 cygnus_new slapd[12628]: conn=310793 op=2 UNBIND
>
>
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/listinfo/samba
>



More information about the samba mailing list