Hi

I was happy enough running SuSE 9.3 and samba 3.0.20 with openldap but hardware problems forced me to move. I tried openSuSe 10.2 with samba 3.0.23 and 3.0.24 but kept getting strange interactions with openldap and Internal Errors from samba, I realise now possibly due to copying .dat files from the old setup.

I've now moved to something I know a bit better, which is a more redhat like Centos 5 and have virtually installed from scratch except for the LDAP directory and the smb.conf. I'm now getting heaps of the same errors in the user logs.

Typically a fragment is:

[2007/05/21 23:45:18, 5] lib/smbldap.c:smbldap_search_ext(1179)
smbldap_search_ext: base => [ou=Groups,dc=objectmastery,dc=com],
filter => [(&(objectClass=sambaGroupMapping)(gidNumber=10
0))], scope => [2]
[2007/05/21 23:45:18, 0] lib/smbldap.c:smbldap_open(1009)
smbldap_open: cannot access LDAP when not root..

Any clues on how to get rid of the problem would be helpful, even if it's to tell me more information is needed or where I should start looking. Rollback is not an option.

Thanks,

Bradley
I'm hardly an OpenLDAP expert, but check your ACLs in your slapd.conf. Make sure you've got something like this:

access to * by * read

You should probably tighten up your LDAP security a bit more than that, but you get my point. You should be able to do an anonymous bind and search LDAP from the command line:

ldapsearch -x -b "dc=yourbase,dc=net" "(ObjectClass=*)"

In my experience, that should be working before you can do anything useful with Samba.

Hope this helps!

-Justin

On 5/21/2007 10:07 AM, Bradley Tate wrote:
> Hi
>
> I was happy enough running SuSE 9.3 and samba 3.0.20 with openldap but
> hardware problems forced me to move. I tried openSuSe 10.2 with samba
> 3.0.23 and 3.0.24 but kept getting strange interactions with openldap
> and Internal Errors from samba, I realise now possibly due to copying
> .dat files from the old setup.
>
> I've now moved to something I know a bit better, which is a more redhat
> like Centos 5 and have virtually installed from scratch except for the
> LDAP directory and the smb.conf. I'm now getting heaps of the same
> errors in the user logs.
>
> Typically a fragment is:
>
> [2007/05/21 23:45:18, 5] lib/smbldap.c:smbldap_search_ext(1179)
> smbldap_search_ext: base => [ou=Groups,dc=objectmastery,dc=com],
> filter => [(&(objectClass=sambaGroupMapping)(gidNumber=10
> 0))], scope => [2]
> [2007/05/21 23:45:18, 0] lib/smbldap.c:smbldap_open(1009)
> smbldap_open: cannot access LDAP when not root..
>
> Any clues on how to get rid of the problem would be helpful, even if
> it's to tell me more information is needed or where I should start
> looking. Rollback is not an option.
>
> Thanks,
>
> Bradley
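
A check that goes with the advice above to tighten the ACL beyond `access to * by * read`, as an added example that is not part of the original thread: it reads the LDIF an anonymous search returns and lists any password attributes in it. The base DN is the placeholder from the message, and the sample entries and hash values are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: list password attributes that an
# LDAP search handed back. Pipe in the LDIF from an anonymous search, e.g.
#   ldapsearch -x -LLL -b "dc=yourbase,dc=net" \
#     "(objectClass=sambaSamAccount)" userPassword sambaLMPassword sambaNTPassword
# No output means the anonymous bind could not read any of them.

exposed_secrets() {
    awk '
        # LDIF folds long lines; a leading space continues the previous one.
        /^ / { if (in_dn) dn = dn substr($0, 2); next }
        { in_dn = 0 }
        # "dn: value" or "dn:: base64value" starts a new entry.
        /^[Dd][Nn]:/ { dn = $0; sub(/^[^:]*::? */, "", dn); in_dn = 1; next }
        {
            # Attribute names are case-insensitive and may carry ";options".
            name = $0; sub(/[:;].*$/, "", name)
            lname = tolower(name)
            if (lname == "userpassword" || lname == "sambalmpassword" ||
                lname == "sambantpassword")
                print dn "\t" name
        }'
}

# Constructed sample: what a search returns when "access to * by * read"
# is the only ACL. The hash values are placeholders, not real hashes.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=People,dc=yourbase,dc=net
uid: alice
sambaNTPassword: 00000000000000000000000000000000
userPassword:: e1BMQUNFSE9MREVSfQ==

dn: cn=staff,ou=Groups,dc=yourbase,dc=net
gidNumber: 100
EOF
}

# Prints one "DN<TAB>attribute" line per exposed password attribute.
sample_ldif | exposed_secrets
```

If it prints anything, a rule such as `access to attrs=userPassword,sambaLMPassword,sambaNTPassword by self write by anonymous auth by * none` belongs ahead of the catch-all `access to *` line, since slapd stops at the first matching `access to` clause.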

Alex,

Hi there. This is our PDC & main file server.

I started from scratch with this one. New Centos 5 install then I copied the old printer .tdb files as a "short cut" but samba was dumping core until I got rid of them. So effectively I've blown it all away. LDAP manager secret has been redone and I had the server rejoin the domain.

It's not like it isn't working, it is, but there are slowdowns and delays and the "cannot access LDAP when not root.." error messages in all users log files are the only things I've got to go on. Very frustrating for the users. i.e. 10-20 seconds for a directory to come up in Windows Explorer initially, then it seems ok for a (very) short while, then it bogs down again.

The LDAP server is remote but there doesn't seem to be much traffic and there is negligible load on the LDAP server box.

I'm wondering if it's something in my LDAP. slapd.conf is largely unchanged from before except for adding an index or 3 and removing transport encryption. I've updated the samba schema because of the changes in 3.0.23, reloaded the data and reindexed. No errors but no improvement. Running the LDAP server locally doesn't seem to make a difference.

ldapsearch -x -b "dc=yourbase,dc=net" "(ObjectClass=*)" as suggested by Justin on the mailing list works fine from any number of places.

It really is very frustrating.

Bradley

Alex Crow wrote:
> Bradley,
>
> I see you are on the samba list too :-).
>
> Is this an LDAP server running on the local box or elsewhere? I vaguely
> remember something like this but I think I solved it by re-adding the
> "manager" stuff in slapd.conf and making sure I'd stored the secret in
> samba's tdb's with smbpasswd -W and then restarting smbd.
>
> We've had .24 running OK on Suse 9.2 through 10.1. If you want to send
> me your samba and openldap configs and I'll compare them to ours.
>
> I've also had issues in the past with copying configs, especially .tdb
> files. I usually find it's best to just blow them away and run the
> relevant stuff again. I avoid the printer related stuff if you're
> running a print server but everything else I've blasted, just set the
> ldap manager secret, rejoined the domain (even if it's a DC, I hear you
> should join it to its own domain) and all has been OK.
>
> Cheers
>
> Alex
>
> On Tue, 2007-05-22 at 00:07 +1000, Bradley Tate wrote:
>
>> Hi
>>
>> I was happy enough running SuSE 9.3 and samba 3.0.20 with openldap but
>> hardware problems forced me to move. I tried openSuSe 10.2 with samba
>> 3.0.23 and 3.0.24 but kept getting strange interactions with openldap
>> and Internal Errors from samba, I realise now possibly due to copying
>> .dat files from the old setup.
>>
>> I've now moved to something I know a bit better, which is a more redhat
>> like Centos 5 and have virtually installed from scratch except for the
>> LDAP directory and the smb.conf. I'm now getting heaps of the same
>> errors in the user logs.
>>
>> Typically a fragment is:
>>
>> [2007/05/21 23:45:18, 5] lib/smbldap.c:smbldap_search_ext(1179)
>> smbldap_search_ext: base => [ou=Groups,dc=objectmastery,dc=com],
>> filter => [(&(objectClass=sambaGroupMapping)(gidNumber=10
>> 0))], scope => [2]
>> [2007/05/21 23:45:18, 0] lib/smbldap.c:smbldap_open(1009)
>> smbldap_open: cannot access LDAP when not root..
>>
>> Any clues on how to get rid of the problem would be helpful, even if
>> it's to tell me more information is needed or where I should start
>> looking. Rollback is not an option.
>>
>> Thanks,
>>
>> Bradley

(please CC)

Hi,

"Gerald (Jerry) Carter" wrote:
> Bradley Tate wrote:
>
> > It's not like it isn't working, it is, but there are
> > slowdowns and delays and the "cannot access LDAP
> > when not root.." error messages in all users log
> > files are the only things I've got to go on. Very
> > frustrating for the users.
>
> It's a bug in Samba. After we get 3.0.25a, I'll see
> about backporting some fixes to my 3.0.24-gc branch.

Do you have any more information about which part of the source code causes this error message?

Thanks,

Wolf

--
Calculators are Weapons of Math Instruction. ('freitasm', seen on /.)