check the rights on libnss-ldap libpam-ldap
set it to 644

Louis

>-----Original message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]
>On behalf of James Cort
>Sent: Wednesday, 1 February 2006 13:07
>To: samba@lists.samba.org
>Subject: [Samba] smbldap_open: cannot access LDAP when not root
>
>I'm using Samba 3.0.14a as a PDC with an LDAP backend.
>
>I am having trouble using the Windows "User Manager for Domains" tool.
>
>As an example, I shall be looking at the "Domain Users" group. Whenever
>I try modifying anybody's group membership, I get the error message:
>
>  "The following error occurred changing the properties of the global
>group Domain Users:
>
>The group name could not be found."
>
>I am running User Manager as a user with Domain Admin privileges.
>Domain Admins have been granted every available right using the net rpc
>rights command. Samba is definitely doing an LDAP search for the group
>and is getting sensible results (logs below). The research I've done
>suggests this may be a known issue, but generally with older versions
>of Samba.
>
>Samba logs show a point which I'll mention here:
>
>[2006/02/01 11:33:46, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>
>The LDAP entry for the Domain Users group shows:
>
># Domain Users, Group, u4eatech.com
>dn: cn=Domain Users,ou=Group,dc=u4eatech,dc=com
>objectClass: posixGroup
>objectClass: sambaGroupMapping
>gidNumber: 513
>cn: Domain Users
>description: Netbios Domain Users
>sambaSID: S-1-5-21-2044582568-1589646193-1504741369-513
>sambaGroupType: 2
>displayName: Domain Users
>
>Domain Admin privs:
>
>elli ~ # net rpc -U jamesc rights list "U4EATECH\Domain Admins"
>Password:
>SeMachineAccountPrivilege
>SePrintOperatorPrivilege
>SeAddUsersPrivilege
>SeRemoteShutdownPrivilege
>SeDiskOperatorPrivilege
>
>In the Samba logs, I see the following error:
>
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:46, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:47, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:48, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:49, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:50, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:51, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:52, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:53, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:54, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:55, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:56, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:57, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:58, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:33:59, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:34:00, 0] lib/smbldap.c:smbldap_open(882)
>  smbldap_open: cannot access LDAP when not root..
>[2006/02/01 11:34:00, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
>  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Timed out)
>
>LDAP Logs:
>
>Feb 1 11:37:30 cygnus_new slapd[30055]: conn=310691 op=62 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(|(displayName=domain users)(cn=domain users)))"
>Feb 1 11:37:30 cygnus_new slapd[30055]: conn=310691 op=62 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
>Feb 1 11:37:30 cygnus_new slapd[30055]: conn=310691 op=62 ENTRY dn="cn=Domain Users,ou=Group,dc=u4eatech,dc=com"
>Feb 1 11:37:30 cygnus_new slapd[30055]: conn=310691 op=62 SEARCH RESULT tag=101 err=0 nentries=1 text=
>Feb 1 11:37:30 cygnus_new slapd[8490]: conn=310691 op=63 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-2044582568-1589646193-1504741369-513))"
>Feb 1 11:37:30 cygnus_new slapd[8490]: conn=310691 op=63 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
>Feb 1 11:37:30 cygnus_new slapd[8490]: conn=310691 op=63 ENTRY dn="cn=Domain Users,ou=Group,dc=u4eatech,dc=com"
>Feb 1 11:37:30 cygnus_new slapd[8490]: conn=310691 op=63 SEARCH RESULT tag=101 err=0 nentries=1 text=
>Feb 1 11:37:30 cygnus_new slapd[26454]: conn=310772 op=2 UNBIND
>Feb 1 11:37:30 cygnus_new slapd[26454]: conn=310772 fd=30 closed
>Feb 1 11:37:30 cygnus_new slapd[12571]: conn=310793 fd=30 ACCEPT from IP=172.30.1.22:59861 (IP=0.0.0.0:389)
>Feb 1 11:37:30 cygnus_new slapd[16367]: conn=310793 op=0 BIND dn="cn=manager,dc=u4eatech,dc=com" method=128
>Feb 1 11:37:30 cygnus_new slapd[16367]: conn=310793 op=0 BIND dn="cn=manager,dc=u4eatech,dc=com" mech=SIMPLE ssf=0
>Feb 1 11:37:30 cygnus_new slapd[16367]: conn=310793 op=0 RESULT tag=97 err=0 text=
>Feb 1 11:37:30 cygnus_new slapd[2070]: conn=310793 op=1 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=1 deref=0 filter="(&(objectClass=posixGroup)(gidNumber=513))"
>Feb 1 11:37:30 cygnus_new slapd[2070]: conn=310793 op=1 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
>Feb 1 11:37:30 cygnus_new slapd[2070]: conn=310793 op=1 ENTRY dn="cn=Domain Users,ou=Group,dc=u4eatech,dc=com"
>Feb 1 11:37:30 cygnus_new slapd[2070]: conn=310793 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
>Feb 1 11:37:30 cygnus_new slapd[2069]: conn=310691 op=64 SRCH base="ou=Group,dc=u4eatech,dc=com" scope=2 deref=0 filter="(&(objectClass=sambaGroupMapping)(sambaSID=s-1-5-21-2044582568-1589646193-1504741369-513))"
>Feb 1 11:37:30 cygnus_new slapd[2069]: conn=310691 op=64 SRCH attr=gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass
>Feb 1 11:37:30 cygnus_new slapd[2069]: conn=310691 op=64 ENTRY dn="cn=Domain Users,ou=Group,dc=u4eatech,dc=com"
>Feb 1 11:37:30 cygnus_new slapd[2069]: conn=310691 op=64 SEARCH RESULT tag=101 err=0 nentries=1 text=
>Feb 1 11:37:30 cygnus_new slapd[12628]: conn=310793 op=2 UNBIND
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/listinfo/samba
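
One way to carry out the permission check suggested in the reply, as an added example that is not part of the original thread: it reports whether the NSS and PAM LDAP client configuration files are readable by non-root users, and flags a world-readable file that carries an inline bindpw. The file paths are the usual Debian locations and are an assumption; the thread names only the packages.

```shell
#!/bin/sh
# Added example: audit the mode of the NSS/PAM LDAP client config files.
# ASSUMPTION: these are the usual Debian paths; the thread only names the
# packages (libnss-ldap, libpam-ldap), not the files.
CONF_FILES="/etc/libnss-ldap.conf /etc/pam_ldap.conf"

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the "other" read bit is set on the file.
world_readable() {
    mode=$(file_mode "$1") || return 2
    other=${mode#"${mode%?}"}          # last octal digit of the mode
    [ $(( other & 4 )) -ne 0 ]
}

# Return 0 if the file carries an inline bind password (bindpw directive).
has_bindpw() {
    grep -Eq '^[[:space:]]*bindpw[[:space:]]+[^[:space:]]' "$1"
}

# Print one status line per file: MISSING, RESTRICTED, OK or WARN.
audit_conf() {
    f=$1
    [ -e "$f" ] || { echo "MISSING $f"; return 0; }
    mode=$(file_mode "$f")
    if world_readable "$f"; then
        if has_bindpw "$f"; then
            # 644 lets every local user read the bind password as well.
            echo "WARN $f mode=$mode world-readable and contains bindpw"
        else
            echo "OK $f mode=$mode readable by non-root"
        fi
    else
        echo "RESTRICTED $f mode=$mode non-root processes cannot read it"
    fi
}

for f in $CONF_FILES; do
    audit_conf "$f"
done
```

A WARN line means the file needs to be readable for non-root lookups but also exposes a credential, so the bind account behind it should have read-only access to the directory.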