Doug Campbell
2005-Feb-25 10:10 UTC
[Samba] Srvtools causes smbldap_open: cannot access LDAP when not root
I am using Samba 3.0.10-1 on Fedora Core 3. Most everything seems to be working as I expect it to except when I try to use the srvtools package to administrate the users and groups in the domain. I want to check and see whether maybe I am just misunderstanding usage as opposed to their being a configuration problem. If I log into my workstation as Administrator, either the local account or into the domain. I can administrate the server using the srvtools. But if I login as a user who is in the Administrators group, Domain Admins group and I even added the user to the root group and I try to run srvtools. I can view all the settings but when I try to submit changes I get the following error showing up in the smbd.log file: smbldap_open: cannot access LDAP when not root... Is this normal? I would think that Samba would check and see that I am a part of the Domain Admins group and allow the changes I have submitted but it doesn't want to allow anyone but root to access LDAP. Appreciate any insight on this. Thanks!
Tony Earnshaw
2005-Feb-26 15:32 UTC
[Samba] Srvtools causes smbldap_open: cannot access LDAP when not root
Doug Campbell:> I am using Samba 3.0.10-1 on Fedora Core 3. Most everything seems to be > working as I expect it to except when I try to use the srvtools package to > administrate the users and groups in the domain. > > I want to check and see whether maybe I am just misunderstanding usage as > opposed to their being a configuration problem. > > If I log into my workstation as Administrator, either the local account > or into the domain. I can administrate the server using the srvtools. > > But if I login as a user who is in the Administrators group, Domain > Admins > group and I even added the user to the root group and I try to run > srvtools. I can view all the settings but when I try to submit changes I > get the following error showing up in the smbd.log file: > > smbldap_open: cannot access LDAP when not root... > > > Is this normal? I would think that Samba would check and see that I am a > part of the Domain Admins group and allow the changes I have submitted > but it doesn't want to allow anyone but root to access LDAP. > > Appreciate any insight on this.As which user (Unix) is slapd (presume this is OpenLDAP)running? Do you have an 'ldap admin dn' entry in smb.conf with rights to all LDAP ACLs? I.e., I don't have this problem with Samba 3.0.11/OL 2.2.17-23 and didn't with 3.0.7, either. --Tonni -- mail: tonye@billy.demon.nl http://www.billy.demon.nl