[Samba] Log: lib/smbldap.c:smbldap_open(1009) - Samba
This is a discussion on [Samba] Log: lib/smbldap.c:smbldap_open(1009) - Samba ; Hi.
I'm dealing with this "lib/smbldap.c:smbldap_open(1009)" message in the
log file. I tried to find some hint in the net but I couldn't find
anything that pointed to a solution.
Below are the surrounding messages in a excerpt of the ...
-
[Samba] Log: lib/smbldap.c:smbldap_open(1009)
Hi.
I'm dealing with this "lib/smbldap.c:smbldap_open(1009)" message in the
log file. I tried to find some hint in the net but I couldn't find
anything that pointed to a solution.
Below are the surrounding messages in a excerpt of the log file:
[2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
fetch sid from uid cache 1088 ->
S-1-5-21-2852544288-689542784-3650984603-3176
[2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
fetch sid from uid cache 1124 ->
S-1-5-21-2852544288-689542784-3650984603-3248
[2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
fetch sid from uid cache 1144 ->
S-1-5-21-2852544288-689542784-3650984603-3288
[2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
fetch sid from uid cache 1254 ->
S-1-5-21-2852544288-689542784-3650984603-3508
[2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
fetch sid from uid cache 1322 ->
S-1-5-21-2852544288-689542784-3650984603-3644
[2007/04/02 17:31:10, 5] lib/smbldap.c:smbldap_search_ext(1179)
smbldap_search_ext: base => [ou=grupos,dc=xxxx,dc=yyy,dc=zz], filter =>
[(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2]
[2007/04/02 17:31:10, 0] lib/smbldap.c:smbldap_open(1009)
smbldap_open: cannot access LDAP when not root..
[2007/04/02 17:31:10, 10] passdb/lookup_sid.c:gid_to_sid(1137)
gid_to_sid: local 0 -> S-1-22-2-0
[2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(995)
fetch sid from gid cache 1012 ->
S-1-5-21-2852544288-689542784-3650984603-3025
[2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2205)
canonicalise_acl: Access ace entries before arrange :
[2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218)
canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms
---
[2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218)
canon_ace index 1. Type = allow SID =
S-1-5-21-2852544288-689542784-3650984603-3025 gid 1012 (ensur)
SMB_ACL_GROUP perms rwx
[2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218)
canon_ace index 2. Type = allow SID = S-1-22-2-0 gid 0 (0) SMB_ACL_GROUP
perms rwx
I could see in the source of smbldap.c the 'offending line' but it didn't
help this much since the only way I could devise to correct the problem
was to recompile the program with NO_LDAP_SECURITY, which seemed to me to
be not what I should do.
I can also read in the log that it looks for a group with 'gidNumber=0'
(what I have none). I could not see if these two messages are related.
Thanks for any help.
Ricardo
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
-
Re: [Samba] help on lib/smbldap.c:smbldap_open(1009) smbldap_open: cannot access LDAP when not root..
Ricardo Dias Campos wrote:
> Hi, people.
>
> I've sent a message looking for help but I had no answer. I don't know
> whether no one could help or there is missing information or this is the
> wrong list to post the message.
>
> Can some one give me some help?
>
> Ricardo
>
> On Tue, 17 Apr 2007, Ricardo Dias Campos wrote:
>
Did you notice this line?
smbldap_open: cannot access LDAP when not root..
might have your binding ldap directives incorrect
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
-
[Samba] help on lib/smbldap.c:smbldap_open(1009) smbldap_open: cannot access LDAP when not root..
Hi, people.
I've sent a message looking for help but I had no answer. I don't know
whether no one could help or there is missing information or this is the
wrong list to post the message.
Can some one give me some help?
Ricardo
On Tue, 17 Apr 2007, Ricardo Dias Campos wrote:
> Hi.
>
> I'm dealing with this "lib/smbldap.c:smbldap_open(1009)" message in the
> log file. I tried to find some hint in the net but I couldn't find
> anything that pointed to a solution.
>
> Below are the surrounding messages in a excerpt of the log file:
>
> [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
> fetch sid from uid cache 1088 -> S-1-5-21-2852544288-689542784-3650984603-3176
> [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
> fetch sid from uid cache 1124 -> S-1-5-21-2852544288-689542784-3650984603-3248
> [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
> fetch sid from uid cache 1144 -> S-1-5-21-2852544288-689542784-3650984603-3288
> [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
> fetch sid from uid cache 1254 -> S-1-5-21-2852544288-689542784-3650984603-3508
> [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache(918)
> fetch sid from uid cache 1322 -> S-1-5-21-2852544288-689542784-3650984603-3644
> [2007/04/02 17:31:10, 5] lib/smbldap.c:smbldap_search_ext(1179)
> smbldap_search_ext: base => [ou=grupos,dc=xxxx,dc=yyy,dc=zz], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=0))], scope => [2]
> [2007/04/02 17:31:10, 0] lib/smbldap.c:smbldap_open(1009)
> smbldap_open: cannot access LDAP when not root..
> [2007/04/02 17:31:10, 10] passdb/lookup_sid.c:gid_to_sid(1137)
> gid_to_sid: local 0 -> S-1-22-2-0
> [2007/04/02 17:31:10, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache(995)
> fetch sid from gid cache 1012 -> S-1-5-21-2852544288-689542784-3650984603-3025
> [2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2205)
> canonicalise_acl: Access ace entries before arrange :
> [2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218)
> canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms ---
> [2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218)
> canon_ace index 1. Type = allow SID = S-1-5-21-2852544288-689542784-3650984603-3025 gid 1012 (ensur) SMB_ACL_GROUP perms rwx
> [2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218)
> canon_ace index 2. Type = allow SID = S-1-22-2-0 gid 0 (0) SMB_ACL_GROUP perms rwx
>
> I could see in the source of smbldap.c the 'offending line' but it didn't
> help this much since the only way I could devise to correct the problem
> was to recompile the program with NO_LDAP_SECURITY, which seemed to me to
> be not what I should do.
>
> I can also read in the log that it looks for a group with 'gidNumber=0'
> (what I have none). I could not see if these two messages are related.
>
> Thanks for any help.
>
> Ricardo
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
-
Re: [Samba] help on lib/smbldap.c:smbldap_open(1009) smbldap_open: cannot access LDAP when not root..
Hi, James.
Thank you for your reply.
On Wed, 18 Apr 2007, James Tran wrote:
> Did you notice this line?
> smbldap_open: cannot access LDAP when not root..
Yes, I did.
> might have your binding ldap directives incorrect
May be you are right but this could not explain why everything functions
OK. People can log into the server, can share files and so on.
Nevertheless I get thousands of messages like that all the time making the
system slow. By the way, making the system slow and a lot of log messages
are the only 'sensible' problems, if you understand.
Another thing I could not understand is why we have the option in smbldap
of not having the test if geteuid is root. As I could recompile smbd
taking this test out it seems to be unnecessary...
Thank you again for your reply. I'll dive into the conf files
looking for any ldap misconfigurations.
Ricardo.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
-
Re: [Samba] help on lib/smbldap.c:smbldap_open(1009) smbldap_open: cannot access LDAP when not root..
Ricardo Dias Campos wrote:
> Hi, James.
>
> Thank you for your reply.
>
> On Wed, 18 Apr 2007, James Tran wrote:
>
>
>> Did you notice this line?
>> smbldap_open: cannot access LDAP when not root..
>>
>
> Yes, I did.
>
>
>> might have your binding ldap directives incorrect
>>
>
> May be you are right but this could not explain why everything functions
> OK. People can log into the server, can share files and so on.
> Nevertheless I get thousands of messages like that all the time making the
> system slow. By the way, making the system slow and a lot of log messages
> are the only 'sensible' problems, if you understand.
>
> Another thing I could not understand is why we have the option in smbldap
> of not having the test if geteuid is root. As I could recompile smbd
> taking this test out it seems to be unnecessary...
>
> Thank you again for your reply. I'll dive into the conf files
> looking for any ldap misconfigurations.
>
> Ricardo.
>
>
Yeah other thing u might wanna check is that the ACL directives in your
LDAP server are correct
i noticed this
smbd/posix_acls.c:canonicalise_acl
it's possible that you gave permissions to certain parts of your ldap directory and not others that samba needs.
i'd double check your ACLs
and if they are correct and it's possible restart your ldap server just to make sure things populated correctly.
If you have a slave it shouldn't be a problem but i dunno what kinda config u got there
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
