Thanks Dale,

Yes, i tried those things.

I now have it working, but the answer was to not use the version of Samba
that comes with Fedora 9 (3.2.0pre3, I think)

I compiled 3.0.29 myself, then re-installed all the tdbs and LDAP stuff
from the old server, then fired up that version, and all was well.

BTW - to get 3.0.29 to compile on Fedora 9, I had to comment out some
lines starting on line 37 or oplock_linux.c to remove the capget/capset
stuff.In case anyone needs it, here's a patch:

-----8<----- PUT THIS IN samba-3.0.29/source/smbd, save it as
Fedora9-patch1.diff and run 'patch -p0 < Fedora9-patch1.diff -----8<-----
--- oplock_linux.c-orig 2008-05-27 13:17:16.000000000 -0400
+++ oplock_linux.c 2008-05-27 13:17:29.000000000 -0400
@@ -34,11 +34,11 @@
uint32 inheritable;
} data;

-extern int capget(struct cap_user_header * hdrp,
+/* extern int capget(struct cap_user_header * hdrp,
struct cap_user_data * datap);
extern int capset(struct cap_user_header * hdrp,
const struct cap_user_data * datap);
static SIG_ATOMIC_T signals_received;
#define FD_PENDING_SIZE 100
static SIG_ATOMIC_T fd_pending_array[FD_PENDING_SIZE];


Dale Schroeder
05/27/2008 01:10 PM


Re: [Samba] smbldap_open: cannot access LDAP when not root..


You may have already done this, but ==>

The only thing I can think of is rerunning "smbpasswd -w".

There's also mention of file permission changes here:

Good luck,
Dale wrote:
> Greetings list,
> I just upgraded my main file server, and copied over a dump of my LDAP
> database, samba conf files, tdbs, etc.
> Everything fired up OK and runs, except:
> -Some users (perhaps 5 or 6 out of 125) can't log in, getting the

> unavailable" message
> -I can't rejoin them to the domain - the process appears to succeed, but

> doesn't
> -One of the machine accounts that doesn't work is my main print server

> The only log error I get is:
> [2008/05/27 10:21:43, 0] lib/smbldap.c:smbldap_open(1005)
> smbldap_open: cannot access LDAP when not root..
> This occurs periodically in EVERY log file, even for working

> I have re-done granting rights to root/Administrator. I've

> everything I can think of, to no avail.
> Ideas would be greatly appreciated.
> Thanks,
> -John

This e-mail is intended only for the named person or entity to which it
is addressed and contains valuable business information that is
privileged, confidential and/or otherwise protected from disclosure.
Dissemination, distribution or copying of this e-mail or the information
herein by anyone other than the intended recipient, or an employee, or
agent responsible for delivering the message to the intended recipient,
is strictly prohibited. All contents are the copyright property of the
sender. If you are not the intended recipient, you are nevertheless
bound to respect the sender's worldwide legal rights. We require that
unintended recipients delete the e-mail and destroy all electronic
copies in their system, retaining no copies in any media. If you have
received this e-mail in error, please immediately notify us by calling
our Help Desk at (603) 433-1143, or e-mail to
We appreciate your cooperation.

To unsubscribe from this list go to the following URL and read the