[Samba] errors - cannot access LDAP when not root

Bradley Tate btate at objectmastery.com
Tue May 22 02:39:44 GMT 2007


Hi there. This is our PDC & main file server. I started from scratch 
with this one. New Centos 5 install then I copied the old printer .tdb 
files as a "short cut" but samba was dumping core until I got rid of 
them. So effectively I've blown it all away. LDAP manager secret has 
been redone and I had the server rejoin the domain.

It's not like it isn't working, it is, but there are slowdowns and 
delays and the "cannot access LDAP when not root.." error messages in 
all users log files are the only things I've got to go on. Very 
frustrating for the users.

i.e. 10-20 seconds for a directory to come up in Windows Explorer 
initially, then it seems ok for a (very) short while, then it bogs down 

The LDAP server is remote but there doesn't seem to be much traffic and 
there is negligible load on the LDAP server box.

I'm wondering if it's something in my LDAP. slapd.conf is largely 
unchanged from before except for adding an index or 3 and removing 
transport encryption. I've updated the samba schema because of the 
changes in 3.0.23, reloaded the data and reindexed. No errors but no 
improvement. Running the LDAP server locally doesn't seem to make a 

ldapsearch -x -b "dc=yourbase,dc=net" "(ObjectClass=*)" as suggested by 
Justin on the mailing list works fine from any number of places.

It really is very frustrating.


Alex Crow wrote:
> Bradley,
> I see you are on the samba list too :-).
> Is this an LDAP server running on the local box or elsewhere? I vaguely
> remember something like this but I think I solved it by re-adding the
> "manager" stuff in slapd.conf and making sure I'd stored the secret in
> samba's tdb's with smbpasswd -W and then restarting smbd.
> We've had .24 running OK on Suse 9.2 through 10.1. If you want, send
> me your samba and openldap configs and I'll compare them to ours.
> I've also had issues in the past with copying configs, especially .tdb
> files. I usually find it's best to just blow them away and run the
> relevant stuff again. I avoid the printer related stuff if you're
> running a print server but everything else I've blasted, just set the
> ldap manager secret, rejoined the domain (even if it's a DC, I hear you
> should join it to its own domain) and all has been OK.
> Cheers
> Alex
> On Tue, 2007-05-22 at 00:07 +1000, Bradley Tate wrote:
>> Hi
>> I was happy enough running SuSE 9.3 and samba 3.0.20 with openldap but
>> hardware problems forced me to move. I tried openSuSe 10.2 with samba
>> 3.0.23 and 3.0.24 but kept getting strange interactions with openldap
>> and Internal Errors from samba, I realise now possibly due to copying
>> .dat files from the old setup.
>> I've now moved to something I know a bit better, which is a more redhat
>> like Centos 5 and have virtually installed from scratch except for the
>> LDAP directory and the smb.conf. I'm now getting heaps of the same 
>> errors in the user logs.
>> Typically a fragment is:
>> [2007/05/21 23:45:18, 5] lib/smbldap.c:smbldap_search_ext(1179)
>>   smbldap_search_ext: base => [ou=Groups,dc=objectmastery,dc=com],
>> filter => [(&(objectClass=sambaGroupMapping)(gidNumber=10
>> 0))], scope => [2]
>> [2007/05/21 23:45:18, 0] lib/smbldap.c:smbldap_open(1009)
>>   smbldap_open: cannot access LDAP when not root..
>> Any clues on how to get rid of the problem would be helpful, even if
>> it's to tell me more information is needed or where I should start
>> looking. Rollback is not an option.
>> Thanks,
>> Bradley
