Date:      Mon, 05 Apr 2004 15:45:33 +0800
From:      Suhaimi Jamalludin <suhaimi@niser.org.my>
To:        samba@lists.samba.org, freebsd-questions@freebsd.org
Subject:   Why samba-3.0.2 give me this error message?
Message-ID:  <40710E9D.8030103@niser.org.my>

Hi All,

Need your expert advice regarding Samba3 + OpenLDAP.
I have configured OpenLDAP and Samba3 on my FreeBSD 5.2.1. I have made 
Samba3 a PDC and authenticate using LDAP.
Everything works fine... I can log in using sambauser1 to my Samba3 PDC 
and do profile roaming. However, I came across the error messages below in 
my /var/log/message and it's really annoying me.

Can somebody advise me how to make this error go away? I'm in the 
final phase to real the system to my user.

Short Error Message Desc:
---------------------------
failed to decode PDU
process_request_pdu: failed to do schannel processing.
smbldap_open: cannot access LDAP when not root..
ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 
(Insufficient access)
ldapsam_search_one_group: Query was: ou=groups,dc=test,dc=com, 
(&(objectClass=posixGroup)(gidNumber=4294967295))

OS: FreeBSD 5.2.1-RELEASE-p4
Application:    openldap-server-2.1.29, openldap-client-2.1.29,  
samba-3.0.2a_1,1,  pam_ldap-1.6.9, nss_ldap-1.204_5

Really appreciate your advice.

Thanks & regards,
Suhaimi

# more /var/log/message
Apr 5 14:58:38 my-svr smbd[1034]: [2004/04/05 14:58:38, 0] 
rpc_server/srv_pipe.c:api_pipe_netsec_process(1371)
Apr 5 14:58:38 my-svr smbd[1034]:  failed to decode PDU
Apr 5 14:58:38 my-svr smbd[1034]: [2004/04/05 14:58:38, 0] 
rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
Apr 5 14:58:38 my-svr smbd[1034]:  process_request_pdu: failed to do 
schannel processing.
Apr 5 14:59:21 my-svr kernel: Connection attempt to TCP 10.1.6.111:80 
from 10.1.6.185:4472 flags:0x02
Apr 5 14:59:22 my-svr last message repeated 2 times
Apr 5 14:59:23 my-svr smbd[1036]: [2004/04/05 14:59:23, 0] 
smbd/service.c:make_connection(857)
Apr 5 14:59:23 my-svr smbd[1036]:  suhaimi-wxp (10.1.6.185) couldn't 
find service home
Apr 5 14:59:23 my-svr smbd[1036]: [2004/04/05 14:59:23, 0] 
smbd/service.c:make_connection(857)
Apr 5 14:59:23 my-svr smbd[1036]:  suhaimi-wxp (10.1.6.185) couldn't 
find service home
Apr 5 14:59:23 my-svr kernel: Connection attempt to TCP 10.1.6.111:80 
from 10.1.6.185:4473 flags:0x02
Apr 5 14:59:24 my-svr last message repeated 2 times
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was: 
ou=groups,dc=test,dc=com, 
(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was: 
ou=groups,dc=test,dc=com, (&(objectClass=posixGroup)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was: 
ou=groups,dc=test,dc=com, 
(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was: 
ou=groups,dc=test,dc=com, (&(objectClass=posixGroup)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was: 
ou=groups,dc=test,dc=com, 
(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was: 
ou=groups,dc=test,dc=com, (&(objectClass=posixGroup)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was: 
ou=groups,dc=test,dc=com, 
(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)

# net groupmap list
Domain Admins (S-1-5-21-3352325568-799001569-404782780-512) -> Domain Admins
Domain Users (S-1-5-21-3352325568-799001569-404782780-513) -> Domain Users
Domain Guests (S-1-5-21-3352325568-799001569-404782780-514) -> Domain Guests
Print Operators (S-1-5-21-3352325568-799001569-404782780-550) -> Print 
Operators
Backup Operators (S-1-5-21-3352325568-799001569-404782780-551) -> Backup 
Operators
Replicator (S-1-5-21-3352325568-799001569-404782780-552) -> Replicator
Domain Computers (S-1-5-21-3352325568-799001569-404782780-553) -> Domain 
Computers
unixgrp (S-1-5-21-3352325568-799001569-404782780-21000) -> unixgrp

# more /usr/local/etc/smb.conf
[global]
        workgroup = TEST
        netbios name = TEST01
        server string = TEST-PDC-SERVER
        comment = TEST-PDC-SERVER
        log file = /var/log/samba/%m.log
        log level = 10
        max log size = 50
        load printers = no
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        security = user
        null passwords = yes
        encrypt passwords = yes
        passwd chat debug = yes
        passwd program =/usr/local/bin/smbldap-passwd -o %u
        passwd chat = *new*password* %n\n *new*password:* %n\n *successfully*
        passdb backend = ldapsam:ldapi://%2fvar%2frun%2fopenldap%2fldapi/
        ldap admin dn = cn=Manager,dc=test,dc=com
        ldap ssl = no
        ldap suffix = dc=test,dc=com
        ldap machine suffix = ou=computers
        ldap group suffix = ou=groups
        ldap user suffix = ou=users
        ldap passwd sync = yes
        local master = yes
        domain master = yes
        domain logons = yes
        preferred master = yes
        os level = 80
        wins support = yes
        wins proxy = yes
        dns proxy = yes
        name resolve order = wins lmhosts host bcast
        host msdfs = yes
        idmap backend = ldap:ldap://127.0.0.1
        winbind separator = +
        winbind enum users = yes
        winbind enum groups = yes
        idmap gid = 10000-20000
        idmap uid = 10000-20000
        guest account = nobody
        username map = /usr/local/etc/smbusers
        hide dot files = yes
        veto files = /*.eml/*.nws/riched20.dll/*.{*}/
        veto oplock files = /*.doc/*.xls/*.mdb/
        dos charset = CP850
        unix charset = ISO8859-1
        display charset = ISO8859-1
        add machine script = /usr/local/sbin/smbldap-useradd -w %ms
        add user script = /usr/local/sbin/smbldap-useradd -a %u
        delete user script = /usr/local/sbin/smbldap-userdel %u
        add group script = /usr/local/sbin/smbldap-groupadd %g
        delete group script = /usr/local/sbin/smbldap-groupdel %g
        add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
        delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
        set primary group script = /usr/local/sbin/smbldap-usermod -G %g %u

# more /usr/local/etc/openldap/slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/samba.schema
loglevel 296
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
allow bind_v2
password-hash {SSHA}
database bdb
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=test,dc=com"
rootpw {SSHA}As4yTudmMl4LeWKZJvHS5urwSZvS4aSb
directory /var/db/test.com
mode 0600
index objectClass eq
index cn,sn,uid,memberUid,mail        pres,eq
index uidNumber,gidNumber     eq
index displayName     pres,eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName   eq
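
Added example, not part of the original message: a small triage script that rejoins the mail-wrapped syslog lines, pairs each smbd "file:function(line)" header with the messages that follow it, and counts the distinct errors. It also counts queries whose gidNumber is 4294967295 (0xFFFFFFFF, the unsigned 32-bit form of -1). The sample input is constructed in the shape of the log above; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the shape of the log above, hard wraps included.
SAMPLE = """\
Apr 5 14:59:21 my-svr kernel: Connection attempt to TCP 10.1.6.111:80
from 10.1.6.185:4472 flags:0x02
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0]
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0]
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem
during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was:
ou=groups,dc=test,dc=com, (&(objectClass=posixGroup)(gidNumber=4294967295))
"""

# "Mon D HH:MM:SS host proc[pid]: payload"; the pid is optional (kernel lines).
SYSLOG = re.compile(r"^[A-Z][a-z]{2} +\d+ [\d:]{8} (\S+) ([\w.-]+)(?:\[(\d+)\])?: (.*)$")
# smbd entry header: "[timestamp, level] file:function(line)"
HEADER = re.compile(r"^\[[^\]]+\]\s+(\S+\(\d+\))$")

def unwrap(text):
    """Rejoin lines the mail client wrapped: a non-syslog line continues the previous one."""
    records = []
    for line in text.splitlines():
        if SYSLOG.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return (Counter of (source location, message), number of gid 0xFFFFFFFF queries)."""
    current, counts, sentinel = {}, Counter(), 0
    for rec in unwrap(text):
        _host, proc, pid, payload = SYSLOG.match(rec).groups()
        if proc != "smbd":
            continue                      # skip kernel and other daemons
        hdr = HEADER.match(payload.strip())
        if hdr:
            current[pid] = hdr.group(1)   # remember which entry this pid has open
            continue
        msg = payload.strip()
        counts[(current.get(pid, "?"), msg)] += 1
        sentinel += msg.count("gidNumber=%d" % 0xFFFFFFFF)
    return counts, sentinel
```

Running `triage()` over the full log collapses the repeated smbldap_open / ldapsam_search_one_group entries into a handful of distinct (location, message) pairs with counts.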
