Hi All,

I need your expert advice regarding Samba3 + OpenLDAP.
I have configured OpenLDAP and Samba3 on my FreeBSD 5.2.1. I have made Samba3 a PDC and it authenticates using LDAP.
Everything works fine... I can log in using sambauser1 to my Samba3-PDC and do profile roaming. However, I came across the error messages below in my /var/log/message and they are really annoying me.

Can somebody advise me how to make this error go away? I'm in the final phase of releasing the system to my users.

Short Error Message Desc:
---------------------------
failed to decode PDU
process_request_pdu: failed to do schannel processing.
smbldap_open: cannot access LDAP when not root..
ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)
ldapsam_search_one_group: Query was: ou=groups,dc=test,dc=com, (&(objectClass=posixGroup)(gidNumber=4294967295))


OS: FreeBSD 5.2.1-RELEASE-p4
Application: openldap-server-2.1.29, openldap-client-2.1.29, samba-3.0.2a_1,1, pam_ldap-1.6.9, nss_ldap-1.204_5


Really appreciate your advice.

Thanks & regards,
Suhaimi

# more /var/log/message
Apr 5 14:58:38 my-svr smbd[1034]: [2004/04/05 14:58:38, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1371)
Apr 5 14:58:38 my-svr smbd[1034]: failed to decode PDU
Apr 5 14:58:38 my-svr smbd[1034]: [2004/04/05 14:58:38, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
Apr 5 14:58:38 my-svr smbd[1034]: process_request_pdu: failed to do schannel processing.
Apr 5 14:59:21 my-svr kernel: Connection attempt to TCP 10.1.6.111:80 from 10.1.6.185:4472 flags:0x02
Apr 5 14:59:22 my-svr last message repeated 2 times
Apr 5 14:59:23 my-svr smbd[1036]: [2004/04/05 14:59:23, 0] smbd/service.c:make_connection(857)
Apr 5 14:59:23 my-svr smbd[1036]: suhaimi-wxp (10.1.6.185) couldn't find service home
Apr 5 14:59:23 my-svr smbd[1036]: [2004/04/05 14:59:23, 0] smbd/service.c:make_connection(857)
Apr 5 14:59:23 my-svr smbd[1036]: suhaimi-wxp (10.1.6.185) couldn't find service home
Apr 5 14:59:23 my-svr kernel: Connection attempt to TCP 10.1.6.111:80 from 10.1.6.185:4473 flags:0x02
Apr 5 14:59:24 my-svr last message repeated 2 times
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]: smbldap_open: cannot access LDAP when not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Query was: ou=groups,dc=test,dc=com, (&(objectClass=sambaGroupMapping)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]: smbldap_open: cannot access LDAP when not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Query was: ou=groups,dc=test,dc=com, (&(objectClass=posixGroup)(gidNumber=4294967295))


# net groupmap list
Domain Admins (S-1-5-21-3352325568-799001569-404782780-512) -> Domain Admins
Domain Users (S-1-5-21-3352325568-799001569-404782780-513) -> Domain Users
Domain Guests (S-1-5-21-3352325568-799001569-404782780-514) -> Domain Guests
Print Operators (S-1-5-21-3352325568-799001569-404782780-550) -> Print Operators
Backup Operators (S-1-5-21-3352325568-799001569-404782780-551) -> Backup Operators
Replicator (S-1-5-21-3352325568-799001569-404782780-552) -> Replicator
Domain Computers (S-1-5-21-3352325568-799001569-404782780-553) -> Domain Computers
unixgrp (S-1-5-21-3352325568-799001569-404782780-21000) -> unixgrp


# more /usr/local/etc/smb.conf
[global]
workgroup = TEST
netbios name = TEST01
server string = TEST-PDC-SERVER
comment = TEST-PDC-SERVER
log file = /var/log/samba/%m.log
log level = 10
max log size = 50
load printers = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
security = user
null passwords = yes
encrypt passwords = yes
passwd chat debug = yes
passwd program =/usr/local/bin/smbldap-passwd -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
passdb backend = ldapsam:ldapi://%2fvar%2frun%2fopenldap%2fldapi/
ldap admin dn = cn=Manager,dc=test,dc=com
ldap ssl = no
ldap suffix = dc=test,dc=com
ldap machine suffix = ou=computers
ldap group suffix = ou=groups
ldap user suffix = ou=users
ldap passwd sync = yes
local master = yes
domain master = yes
domain logons = yes
preferred master = yes
os level = 80
wins support = yes
wins proxy = yes
dns proxy = yes
name resolve order = wins lmhosts host bcast
host msdfs = yes
idmap backend = ldap:ldap://127.0.0.1
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
idmap gid = 10000-20000
idmap uid = 10000-20000
guest account = nobody
username map = /usr/local/etc/smbusers
hide dot files = yes
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
veto oplock files = /*.doc/*.xls/*.mdb/
dos charset = CP850
unix charset = ISO8859-1
display charset = ISO8859-1
add machine script = /usr/local/sbin/smbldap-useradd -w %ms"
add user script = /usr/local/sbin/smbldap-useradd -a %u
delete user script = /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd %g
delete group script = /usr/local/sbin/smbldap-groupdel %g
add user to group script = /usr/local/sbin/smbldap-groupmod" -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod -G %g %u


# more /usr/local/etc/openldap/slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/samba.schema
loglevel 296
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
allow bind_v2
password-hash {SSHA}
database bdb
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=test,dc=com"
rootpw {SSHA}As4yTudmMl4LeWKZJvHS5urwSZvS4aSb
directory /var/db/test.com
mode 0600
index objectClass eq
index cn,sn,uid,memberUid,mail        pres,eq
index uidNumber,gidNumber     eq
index displayName     pres,eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName   eq
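
An added example, not part of the original post: a short Python script that folds the repeated smbd entries in a syslog excerpt like the one above into one line per distinct message with a count, and flags any gidNumber equal to 4294967295 (2^32 - 1, that is -1 as an unsigned 32-bit value). The sample lines are constructed in the same shape as the post's log, and all function and variable names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the same shape as the syslog excerpt in the post.
SAMPLE = """\
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]: smbldap_open: cannot access LDAP when not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Query was: ou=groups,dc=test,dc=com, (&(objectClass=posixGroup)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]: smbldap_open: cannot access LDAP when not root..
Apr 5 14:59:51 my-svr kernel: Connection attempt to TCP 10.1.6.111:80 from 10.1.6.185:4473 flags:0x02
"""

# syslog prefix + smbd pid, then the payload Samba wrote
SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ smbd\[(\d+)\]: (.*)$")
# Samba debug header: "[date time, level] file.c:function(line)"
HEADER = re.compile(r"^\[[\d/]+ [\d:]+, \d+\] (\S+:\w+\(\d+\))$")
GID = re.compile(r"gidNumber=(\d+)")
UINT32_MINUS_ONE = 0xFFFFFFFF  # 4294967295


def summarize(text):
    """Return (Counter keyed by (source location, message), set of sentinel gids)."""
    counts, sentinels, location = Counter(), set(), {}
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # kernel and other non-smbd lines
        pid, body = m.groups()
        h = HEADER.match(body)
        if h:  # header line: remember where this pid's next messages come from
            location[pid] = h.group(1)
            continue
        counts[(location.get(pid, "?"), body)] += 1
        sentinels.update(int(g) for g in GID.findall(body)
                         if int(g) == UINT32_MINUS_ONE)
    return counts, sentinels


if __name__ == "__main__":
    counts, sentinels = summarize(SAMPLE)
    for (where, msg), n in counts.most_common():
        print(f"{n:3d}x {where}: {msg}")
    for g in sorted(sentinels):
        print(f"gidNumber={g} is 2**32-1 (-1 as unsigned 32-bit)")
```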

