Doug Campbell:
[...]
smbldap_open: cannot access LDAP when not root...
[...]
As which user (Unix) is slapd (presume this is OpenLDAP) running? Do you have an 'ldap admin dn' entry in smb.conf with rights to all LDAP ACLs?
I.e., I don't have this problem with Samba 3.0.11/OL 2.2.17-23 and didn't with 3.0.7, either.
My smb.conf file does have the ldap admin dn entry. The relevant section of my smb.conf file is as follows:
[...]
Again, as which Unix user is slapd running? Who is the owner of your DB files, config files, etc.? What are the permissions on them? Have you certificates (i.e. the CA cert) or anything that smbd has to try to read that can only be read by root? Is "cn=Manager,dc=swro,dc=local" a proxy user in your DIT, or the rootdn user in slapd.conf (it's better to make a proxy user in the DIT and comment out the rootdn)? Can a normal user run ldapsearch, for example, without being root? Etc. ;)
--Tonni
-- mail: [EMAIL PROTECTED] http://www.billy.demon.nl
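The checks asked for in the reply above (which account runs slapd, who owns the files smbd has to read and with what mode, whether a non-root user can search the directory), as an added shell example that is not part of the thread. The LDAP URI, base DN and file paths are supplied by the caller, and the verdict labels are this example's own.

```shell
#!/bin/sh
# Added example: run as a NON-root user.
# Usage (all values are the caller's own): ./ldapcheck.sh LDAP_URI BASE_DN FILE...

# Succeeds if the "other" read bit is set, i.e. any local user can read the file.
other_readable() {
    [ -e "$1" ] || return 2
    mode=$(ls -ldn -- "$1" | awk '{print $1}')
    case "$mode" in
        ???????r*) return 0 ;;   # 8th character of e.g. -rw-r--r--
        *) return 1 ;;
    esac
}

# One line per file: path, numeric owner uid, mode string, verdict.
file_report() {
    if [ ! -e "$1" ]; then
        echo "$1 - - missing"
        return 0
    fi
    owner=$(ls -ldn -- "$1" | awk '{print $3}')
    perms=$(ls -ldn -- "$1" | awk '{print $1}')
    if other_readable "$1"; then verdict=world-readable
    elif [ "$owner" = 0 ]; then verdict=root-owned-restricted
    else verdict=owner-restricted
    fi
    echo "$1 $owner $perms $verdict"
}

# Unix accounts that own running slapd processes (empty if slapd is not running).
slapd_users() {
    ps -e -o user= -o comm= | awk '$2 == "slapd" {print $1}' | sort -u
}

main() {
    uri=$1; base=$2; shift 2
    echo "effective uid of this shell: $(id -u)"
    echo "slapd runs as: $(slapd_users | tr '\n' ' ')"
    for f in "$@"; do file_report "$f"; done
    # Anonymous simple bind, base-scope search, no attributes requested (1.1).
    if ldapsearch -x -H "$uri" -b "$base" -s base -LLL '(objectClass=*)' 1.1 >/dev/null 2>&1; then
        echo "ldapsearch as uid $(id -u): ok"
    else
        echo "ldapsearch as uid $(id -u): failed"
    fi
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```

A file reported as root-owned-restricted (a CA certificate, for instance) is one that smbd cannot read once it is no longer running with effective uid 0.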
Hello!
Samba has the following code in smbldap.c:

#ifndef NO_LDAP_SECURITY
        if (geteuid() != 0) {
                DEBUG(0, ("smbldap_open: cannot access LDAP when not root..\n"));
                return LDAP_INSUFFICIENT_ACCESS;
        }
#endif

If your user account does not have uid=0, sometimes you have the problem described above.
If you have the following lines in smb.conf and the user has the above privileges, this code takes effect:
--------------------------- smb.conf:
[global]
    map to guest = Bad User
    enable privileges = Yes
--------------------------- User account:
SeMachineAccountPrivilege: if you enter the domain as guest
SeAddUsersPrivilege: if you try to create a group or change the membership of users
not tested:
    SePrintOperatorPrivilege
    SeRemoteShutdownPrivilege
    SeDiskOperatorPrivilege
Better ask what "uid" :)
Who will write the bug report? ;)
Best regards, Loskutov Sergey
