[Samba] errors - cannot access LDAP when not root
btate at objectmastery.com
Tue May 22 02:39:44 GMT 2007
Hi there. This is our PDC & main file server. I started from scratch
with this one. New Centos 5 install then I copied the old printer .tdb
files as a "short cut" but samba was dumping core until I got rid of
them. So effectively I've blown it all away. LDAP manager secret has
been redone and I had the server rejoin the domain.
It's not like it isn't working, it is, but there are slowdowns and
delays and the "cannot access LDAP when not root.." error messages in
all users log files are the only things I've got to go on. Very
frustrating for the users.
i.e. 10-20 seconds for a directory to come up in Windows Explorer
initially, then it seems ok for a (very) short while, then it bogs down
The LDAP server is remote but there doesn't seem to be much traffic and
there is negligible load on the LDAP server box.
I'm wondering if it's something in my LDAP. slapd.conf is largely
unchanged from before except for adding an index or 3 and removing
transport encryption. I've updated the samba schema because of the
changes in 3.0.23, reloaded the data and reindexed. No errors but no
improvement. Running the LDAP server locally doesn't seem to make a
ldapsearch -x -b "dc=yourbase,dc=net" "(ObjectClass=*)" as suggested by
Justin on the mailing list works fine from any number of places.
It really is very frustrating.
Alex Crow wrote:
> I see you are on the samba list too :-).
> Is this an LDAP server running on the local box or elsewhere? I vaguely
> remember something like this but I think I solved it by re-adding the
> "manager" stuff in slapd.conf and making sure I'd stored the secret in
> samba's tdb's with smbpasswd -W and then restarting smbd.
> We've had .24 running OK on Suse 9.2 through 10.1. If you want to send
> me your samba and openldap configs and I'll compare them to ours.
> I've also had issues in the past with copying configs, especially .tdb
> files. I usually find it's best to just blow them away and run the
> relevant stuff again. I avoid the printer related stuff if you're
> running a print server but everything else I've blasted, just set the
> ldap manager secret, rejoined the domain (even if it's a DC, I hear you
> should join it to its own domain) and all has been OK.
> On Tue, 2007-05-22 at 00:07 +1000, Bradley Tate wrote:
>> I was happy enough running SuSE 9.3 and samba 3.0.20 with openldap but
>> hardware problems forced me to move. I tried openSuSe 10.2 with samba
>> 3.0.23 and 3.0.24 but kept getting strange interactions with openldap
>> and Internal Errors from samba, I realise now possibly due to copying
>> .dat files from the old setup.
>> I've now moved to something I know a bit better, which is a more redhat
>> like Centos 5 and have virtually installed from scratch except for the
>> LDAP directory and the smb.conf. I'm now getting heaps of the same
>> errors in the user logs.
>> Typically a fragment is:
>> [2007/05/21 23:45:18, 5] lib/smbldap.c:smbldap_search_ext(1179)
>> smbldap_search_ext: base => [ou=Groups,dc=objectmastery,dc=com],
>> filter => [(&(objectClass=sambaGroupMapping)(gidNumber=10
>> 0))], scope => 
>> [2007/05/21 23:45:18, 0] lib/smbldap.c:smbldap_open(1009)
>> smbldap_open: cannot access LDAP when not root..
>> Any clues on how to get rid of the problem would be helpful, even if
>> it's to tell me more information is needed or where I should start
>> looking. Rollback is not an option.
More information about the samba