samba - May 2008 - smbldap_open: cannot access LDAP when not root..

Greetings list,

I just upgraded my main file server, and copied over a dump of my LDAP 
database, samba conf files, tdbs, etc.

Everything fired up OK and runs, except:

-Some users (perhaps 5 or 6 out of 125) can't log in, getting the
"domain
unavailable" message
-I can't rejoin them to the domain - the process appears to succeed, but 
doesn't
-One of the machine accounts that doesn't work is my main print server :(

The only log error I get is:

[2008/05/27 10:21:43,  0] lib/smbldap.c:smbldap_open(1005)
  smbldap_open: cannot access LDAP when not root..

This occurs periodically in EVERY log file, even for working workstations.

I have re-done granting rights to root/Administrator.  I've double-checked 
everything I can think of, to no avail.

Ideas would be greatly appreciated.

Thanks,

-John


-- 
	This e-mail is intended only for the named person or entity to which it
	is addressed and contains valuable business information that is
	privileged, confidential and/or otherwise protected from disclosure.
	Dissemination, distribution or copying of this e-mail or the information
	herein by anyone other than the intended recipient, or an employee, or
	agent responsible for delivering the message to the intended recipient,
	is strictly prohibited.  All contents are the copyright property of the
	sender.  If you are not the intended recipient, you are nevertheless
	bound to respect the sender's worldwide legal rights.  We require that
	unintended recipients delete the e-mail and destroy all electronic
	copies in their system, retaining no copies in any media.  If you have
	received this e-mail in error, please immediately notify us by calling
	our Help Desk at (603) 433-1143, or e-mail to it@primebuchholz.com.
	We appreciate your cooperation.

Thanks Dale,

Yes, i tried those things.

I now have it working, but the answer was to not use the version of Samba 
that comes with Fedora 9 (3.2.0pre3, I think)

I compiled 3.0.29 myself, then re-installed all the tdbs and LDAP stuff 
from the old server, then fired up that version, and all was well.

BTW - to get 3.0.29 to compile on Fedora 9, I had to comment out some 
lines starting on line 37 or oplock_linux.c to remove the capget/capset 
stuff.In case anyone needs it, here's a patch:

-----8<----- PUT THIS IN samba-3.0.29/source/smbd, save it as 
Fedora9-patch1.diff and run 'patch -p0 < Fedora9-patch1.diff
-----8<-----
--- oplock_linux.c-orig 2008-05-27 13:17:16.000000000 -0400
+++ oplock_linux.c      2008-05-27 13:17:29.000000000 -0400
@@ -34,11 +34,11 @@
        uint32 inheritable;
 } data;

-extern int capget(struct cap_user_header * hdrp,
+/* extern int capget(struct cap_user_header * hdrp,
                  struct cap_user_data * datap);
 extern int capset(struct cap_user_header * hdrp,
                  const struct cap_user_data * datap);
-
+*/
 static SIG_ATOMIC_T signals_received;
 #define FD_PENDING_SIZE 100
 static SIG_ATOMIC_T fd_pending_array[FD_PENDING_SIZE];
-----8<-----

-John




Dale Schroeder <dale@BriannasSaladDressing.com> 
05/27/2008 01:10 PM

To
johnh@primebuchholz.com
cc

Subject
Re: [Samba] smbldap_open: cannot access LDAP when not root..






John,

You may have already done this, but ==>

The only thing I can think of is rerunning "smbpasswd -w".

There's also mention of file permission changes here:

http://www.archivum.info/linux.samba/2006-02/msg00037.html

Good luck,
Dale



johnh@primebuchholz.com wrote:
> Greetings list,
>
> I just upgraded my main file server, and copied over a dump of my LDAP 
> database, samba conf files, tdbs, etc.
>
> Everything fired up OK and runs, except:
>
> -Some users (perhaps 5 or 6 out of 125) can't log in, getting the 
"domain 
> unavailable" message
> -I can't rejoin them to the domain - the process appears to succeed,
but
> doesn't
> -One of the machine accounts that doesn't work is my main print server 
:(
>
> The only log error I get is:
>
> [2008/05/27 10:21:43,  0] lib/smbldap.c:smbldap_open(1005)
>   smbldap_open: cannot access LDAP when not root..
>
> This occurs periodically in EVERY log file, even for working 
workstations.
>
> I have re-done granting rights to root/Administrator.  I've 
double-checked 
> everything I can think of, to no avail.
>
> Ideas would be greatly appreciated.
>
> Thanks,
>
> -John
>
>
> 

-- 
	This e-mail is intended only for the named person or entity to which it
	is addressed and contains valuable business information that is
	privileged, confidential and/or otherwise protected from disclosure.
	Dissemination, distribution or copying of this e-mail or the information
	herein by anyone other than the intended recipient, or an employee, or
	agent responsible for delivering the message to the intended recipient,
	is strictly prohibited.  All contents are the copyright property of the
	sender.  If you are not the intended recipient, you are nevertheless
	bound to respect the sender's worldwide legal rights.  We require that
	unintended recipients delete the e-mail and destroy all electronic
	copies in their system, retaining no copies in any media.  If you have
	received this e-mail in error, please immediately notify us by calling
	our Help Desk at (603) 433-1143, or e-mail to it@primebuchholz.com.
	We appreciate your cooperation.