[Samba] smbldap_open: cannot access LDAP when not root
Louis van Belle
louis at van-belle.nl
Wed Feb 1 13:04:13 GMT 2006
check the rights on
libnss-ldap
libpam-ldap
set it to 644
Louis
>-----Oorspronkelijk bericht-----
>Van: samba-bounces+louis=van-belle.nl at lists.samba.org
>[mailto:samba-bounces+louis=van-belle.nl at lists.samba.org]
>Namens James Cort
>Verzonden: woensdag 1 februari 2006 13:07
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] smbldap_open: cannot access LDAP when not root
>
>I'm using Samba 3.0.14a as a PDC with an LDAP backend.
>
>I am having trouble using the Windows "User Manager for Domains" tool.
>
>As an example, I shall be looking at the "Domain Users" group.
>Whenever
>I try modifying anybody's group membership, I get the error message:
>
> "The following error occurred changing the properties of the global
>group Domain Users:
>
>The group name could not be found."
>
>I am running User Manager as a user with Domain Admin privileges.
>Domain Admins have been granted every available right using
>the net rpc
>rights command. Samba is definitely doing an LDAP search for
>the group
>and is getting sensible results (logs below). The research I've done
>suggests this may be a known issue, but generally with older versions
>of Samba.
>
>Samba logs show a point which I'll mention here:
>
>[2006/02/01 11:33:46, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>
>
>
>The LDAP entry for the Domain Users group shows:
>
># Domain Users, Group, u4eatech.com
>dn: cn=Domain Users,ou=Group,dc=u4eatech,dc=com
>objectClass: posixGroup
>objectClass: sambaGroupMapping
>gidNumber: 513
>cn: Domain Users
>description: Netbios Domain Users
>sambaSID: S-1-5-21-2044582568-1589646193-1504741369-513
>sambaGroupType: 2
>displayName: Domain Users
>
>
>Domain Admin privs:
>
>elli ~ # net rpc -U jamesc rights list "U4EATECH\Domain Admins"
>Password:
>SeMachineAccountPrivilege
>SePrintOperatorPrivilege
>SeAddUsersPrivilege
>SeRemoteShutdownPrivilege
>SeDiskOperatorPrivilege
>
>
>In the Samba logs, I see the following error:
>
>
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:46, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:47, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:48, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:49, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:50, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:51, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:52, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:53, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:54, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:55, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:56, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:57, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:58, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:59, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:34:00, 0] lib/smbldap.c:smbldap_open(882)
> smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:34:00, 0]
>passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
> ldapsam_search_one_group: Problem during the LDAP search:
>LDAP error:
> (Timed out)
>
>
>LDAP Logs:
>
>
>Feb 1 11:37:30 cygnus_new slapd[30055]: conn=310691 op=62 SRCH
>base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0
>filter="(&(objectClass=sambaGroupMapping)(|(displayName=domain
>users)(cn=domain users)))"
>Feb 1 11:37:30 cygnus_new slapd[30055]: conn=310691 op=62 SRCH
>attr=gidNumber sambaSID sambaGroupType sambaSIDList description
>displayName cn objectClass
>Feb 1 11:37:30 cygnus_new slapd[30055]: conn=310691 op=62 ENTRY
>dn="cn=Domain Users,ou=Group,dc=u4eatech,dc=com"
>Feb 1 11:37:30 cygnus_new slapd[30055]: conn=310691 op=62 SEARCH
>RESULT tag=101 err=0 nentries=1 text=
>Feb 1 11:37:30 cygnus_new slapd[8490]: conn=310691 op=63 SRCH
>base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0
>filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-204
>4582568-1589646193-1504741369-513))"
>Feb 1 11:37:30 cygnus_new slapd[8490]: conn=310691 op=63 SRCH
>attr=gidNumber sambaSID sambaGroupType sambaSIDList description
>displayName cn objectClass
>Feb 1 11:37:30 cygnus_new slapd[8490]: conn=310691 op=63 ENTRY
>dn="cn=Domain Users,ou=Group,dc=u4eatech,dc=com"
>Feb 1 11:37:30 cygnus_new slapd[8490]: conn=310691 op=63
>SEARCH RESULT
>tag=101 err=0 nentries=1 text=
>Feb 1 11:37:30 cygnus_new slapd[26454]: conn=310772 op=2 UNBIND
>Feb 1 11:37:30 cygnus_new slapd[26454]: conn=310772 fd=30 closed
>Feb 1 11:37:30 cygnus_new slapd[12571]: conn=310793 fd=30 ACCEPT from
>IP=172.30.1.22:59861 (IP=0.0.0.0:389)
>Feb 1 11:37:30 cygnus_new slapd[16367]: conn=310793 op=0 BIND
>dn="cn=manager,dc=u4eatech,dc=com" method=128
>Feb 1 11:37:30 cygnus_new slapd[16367]: conn=310793 op=0 BIND
>dn="cn=manager,dc=u4eatech,dc=com" mech=SIMPLE ssf=0
>Feb 1 11:37:30 cygnus_new slapd[16367]: conn=310793 op=0
>RESULT tag=97
>err=0 text=
>Feb 1 11:37:30 cygnus_new slapd[2070]: conn=310793 op=1 SRCH
>base="ou=Group,dc=u4eatech,dc=com" scope=1 deref=0
>filter="(&(objectClass=posixGroup)(gidNumber=513))"
>Feb 1 11:37:30 cygnus_new slapd[2070]: conn=310793 op=1 SRCH attr=cn
>userPassword memberUid uniqueMember gidNumber
>Feb 1 11:37:30 cygnus_new slapd[2070]: conn=310793 op=1 ENTRY
>dn="cn=Domain Users,ou=Group,dc=u4eatech,dc=com"
>Feb 1 11:37:30 cygnus_new slapd[2070]: conn=310793 op=1 SEARCH RESULT
>tag=101 err=0 nentries=1 text=
>Feb 1 11:37:30 cygnus_new slapd[2069]: conn=310691 op=64 SRCH
>base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0
>filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-204
>4582568-1589646193-1504741369-513))"
>Feb 1 11:37:30 cygnus_new slapd[2069]: conn=310691 op=64 SRCH
>attr=gidNumber sambaSID sambaGroupType sambaSIDList description
>displayName cn objectClass
>Feb 1 11:37:30 cygnus_new slapd[2069]: conn=310691 op=64 ENTRY
>dn="cn=Domain Users,ou=Group,dc=u4eatech,dc=com"
>Feb 1 11:37:30 cygnus_new slapd[2069]: conn=310691 op=64
>SEARCH RESULT
>tag=101 err=0 nentries=1 text=
>Feb 1 11:37:30 cygnus_new slapd[12628]: conn=310793 op=2 UNBIND
>
>
>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list