[Samba] Log: lib/smbldap.c:smbldap_open(1009) - Samba

This is a discussion on [Samba] Log: lib/smbldap.c:smbldap_open(1009) - Samba ; Hi. I'm dealing with this "lib/smbldap.c:smbldap_open(1009)" message in the log file. I tried to find some hint in the net but I couldn't find anything that pointed to a solution. Below are the surrounding messages in a excerpt of the ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: [Samba] Log: lib/smbldap.c:smbldap_open(1009)

  1. [Samba] Log: lib/smbldap.c:smbldap_open(1009)

    Hi.

    I'm dealing with this "lib/smbldap.c:smbldap_open(1009)" message in the
    log file. I tried to find some hint in the net but I couldn't find
    anything that pointed to a solution.

    Below are the surrounding messages in a excerpt of the log file:

    [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
    fetch sid from uid cache 1088 ->
    S-1-5-21-2852544288-689542784-3650984603-3176
    [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
    fetch sid from uid cache 1124 ->
    S-1-5-21-2852544288-689542784-3650984603-3248
    [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
    fetch sid from uid cache 1144 ->
    S-1-5-21-2852544288-689542784-3650984603-3288
    [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
    fetch sid from uid cache 1254 ->
    S-1-5-21-2852544288-689542784-3650984603-3508
    [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
    fetch sid from uid cache 1322 ->
    S-1-5-21-2852544288-689542784-3650984603-3644
    [2007/04/02 17:31:10, 5] lib/smbldap.c:smbldap_search_ext(1179)
    smbldap_search_ext: base => [ou=grupos,dc=xxxx,dc=yyy,dc=zz], filter =>
    [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2]
    [2007/04/02 17:31:10, 0] lib/smbldap.c:smbldap_open(1009)
    smbldap_open: cannot access LDAP when not root..
    [2007/04/02 17:31:10, 10] passdb/lookup_sid.c:gid_to_sid(1137)
    gid_to_sid: local 0 -> S-1-22-2-0
    [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(995)
    fetch sid from gid cache 1012 ->
    S-1-5-21-2852544288-689542784-3650984603-3025
    [2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2205)
    canonicalise_acl: Access ace entries before arrange :
    [2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218)
    canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms
    ---
    [2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218)
    canon_ace index 1. Type = allow SID =
    S-1-5-21-2852544288-689542784-3650984603-3025 gid 1012 (ensur)
    SMB_ACL_GROUP perms rwx
    [2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218)
    canon_ace index 2. Type = allow SID = S-1-22-2-0 gid 0 (0) SMB_ACL_GROUP
    perms rwx

    I could see in the source of smbldap.c the 'offending line' but it didn't
    help this much since the only way I could devise to correct the problem
    was to recompile the program with NO_LDAP_SECURITY, which seemed to me to
    be not what I should do.

    I can also read in the log that it looks for a group with 'gidNumber=0'
    (what I have none). I could not see if these two messages are related.

    Thanks for any help.

    Ricardo

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] help on lib/smbldap.c:smbldap_open(1009) smbldap_open: cannot access LDAP when not root..

    Ricardo Dias Campos wrote:
    > Hi, people.
    >
    > I've sent a message looking for help but I had no answer. I don't know
    > whether no one could help or there is missing information or this is the
    > wrong list to post the message.
    >
    > Can some one give me some help?
    >
    > Ricardo
    >
    > On Tue, 17 Apr 2007, Ricardo Dias Campos wrote:
    >

    Did you notice this line?

    smbldap_open: cannot access LDAP when not root..

    might have your binding ldap directives incorrect
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. [Samba] help on lib/smbldap.c:smbldap_open(1009) smbldap_open: cannot access LDAP when not root..

    Hi, people.

    I've sent a message looking for help but I had no answer. I don't know
    whether no one could help or there is missing information or this is the
    wrong list to post the message.

    Can some one give me some help?

    Ricardo

    On Tue, 17 Apr 2007, Ricardo Dias Campos wrote:

    > Hi.
    >
    > I'm dealing with this "lib/smbldap.c:smbldap_open(1009)" message in the
    > log file. I tried to find some hint in the net but I couldn't find
    > anything that pointed to a solution.
    >
    > Below are the surrounding messages in a excerpt of the log file:
    >
    > [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
    > fetch sid from uid cache 1088 -> S-1-5-21-2852544288-689542784-3650984603-3176
    > [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
    > fetch sid from uid cache 1124 -> S-1-5-21-2852544288-689542784-3650984603-3248
    > [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
    > fetch sid from uid cache 1144 -> S-1-5-21-2852544288-689542784-3650984603-3288
    > [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
    > fetch sid from uid cache 1254 -> S-1-5-21-2852544288-689542784-3650984603-3508
    > [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
    > fetch sid from uid cache 1322 -> S-1-5-21-2852544288-689542784-3650984603-3644
    > [2007/04/02 17:31:10, 5] lib/smbldap.c:smbldap_search_ext(1179)
    > smbldap_search_ext: base => [ou=grupos,dc=xxxx,dc=yyy,dc=zz], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2]
    > [2007/04/02 17:31:10, 0] lib/smbldap.c:smbldap_open(1009)
    > smbldap_open: cannot access LDAP when not root..
    > [2007/04/02 17:31:10, 10] passdb/lookup_sid.c:gid_to_sid(1137)
    > gid_to_sid: local 0 -> S-1-22-2-0
    > [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(995)
    > fetch sid from gid cache 1012 -> S-1-5-21-2852544288-689542784-3650984603-3025
    > [2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2205)
    > canonicalise_acl: Access ace entries before arrange :
    > [2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218)
    > canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms ---
    > [2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218)
    > canon_ace index 1. Type = allow SID = S-1-5-21-2852544288-689542784-3650984603-3025 gid 1012 (ensur) SMB_ACL_GROUP perms rwx
    > [2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218)
    > canon_ace index 2. Type = allow SID = S-1-22-2-0 gid 0 (0) SMB_ACL_GROUP perms rwx
    >
    > I could see in the source of smbldap.c the 'offending line' but it didn't
    > help this much since the only way I could devise to correct the problem
    > was to recompile the program with NO_LDAP_SECURITY, which seemed to me to
    > be not what I should do.
    >
    > I can also read in the log that it looks for a group with 'gidNumber=0'
    > (what I have none). I could not see if these two messages are related.
    >
    > Thanks for any help.
    >
    > Ricardo

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  4. Re: [Samba] help on lib/smbldap.c:smbldap_open(1009) smbldap_open: cannot access LDAP when not root..

    Hi, James.

    Thank you for your reply.

    On Wed, 18 Apr 2007, James Tran wrote:

    > Did you notice this line?
    > smbldap_open: cannot access LDAP when not root..


    Yes, I did.

    > might have your binding ldap directives incorrect


    May be you are right but this could not explain why everything functions
    OK. People can log into the server, can share files and so on.
    Nevertheless I get thousands of messages like that all the time making the
    system slow. By the way, making the system slow and a lot of log messages
    are the only 'sensible' problems, if you understand.

    Another thing I could not understand is why we have the option in smbldap
    of not having the test if geteuid is root. As I could recompile smbd
    taking this test out it seems to be unnecessary...

    Thank you again for your reply. I'll dive into the conf files
    looking for any ldap misconfigurations.

    Ricardo.

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  5. Re: [Samba] help on lib/smbldap.c:smbldap_open(1009) smbldap_open: cannot access LDAP when not root..

    Ricardo Dias Campos wrote:
    > Hi, James.
    >
    > Thank you for your reply.
    >
    > On Wed, 18 Apr 2007, James Tran wrote:
    >
    >
    >> Did you notice this line?
    >> smbldap_open: cannot access LDAP when not root..
    >>

    >
    > Yes, I did.
    >
    >
    >> might have your binding ldap directives incorrect
    >>

    >
    > May be you are right but this could not explain why everything functions
    > OK. People can log into the server, can share files and so on.
    > Nevertheless I get thousands of messages like that all the time making the
    > system slow. By the way, making the system slow and a lot of log messages
    > are the only 'sensible' problems, if you understand.
    >
    > Another thing I could not understand is why we have the option in smbldap
    > of not having the test if geteuid is root. As I could recompile smbd
    > taking this test out it seems to be unnecessary...
    >
    > Thank you again for your reply. I'll dive into the conf files
    > looking for any ldap misconfigurations.
    >
    > Ricardo.
    >
    >

    Yeah other thing u might wanna check is that the ACL directives in your
    LDAP server are correct
    i noticed this

    smbd/posix_acls.c:canonicalise_acl

    it's possible that you gave permissions to certain parts of your ldap directory and not others that samba needs.
    i'd double check your ACLs

    and if they are correct and it's possible restart your ldap server just to make sure things populated correctly.
    If you have a slave it shouldn't be a problem but i dunno what kinda config u got there


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread