When using User Manager for Domains on a WinXP machine and connecting to a Samba 3.0.11 or 3.0.12 PDC, functionality related to directly working with Groups does not work as expected.

Example 1:
Login with account that has been granted "SeAddUsersPrivilege".
Create a Group named "Test"
Click OK
Receive message "Access Denied".
Click OK
Refresh list of groups.
Final Result: "Test" is now a valid group.

Example 2:
Login with account that has been granted "SeAddUsersPrivilege".
Edit existing Group by double-clicking on it
Add user Tester to Group
Click OK
Receive message "Access Denied".
Final Result: No changes were made.

log.smbd contains errors like the following relating to this bug:
[2005/03/20 11:29:37, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..

Example of something that works:
Login with account that has been granted "SeAddUsersPrivilege".
Double-click on user Tester's entry
Click on Group button
Add Group "Test" to Tester's groups
Click OK
Final Result: Changes made as expected.
*** Bug 2686 has been marked as a duplicate of this bug. ***
I observed the same behaviour using User Manager on a Win2003 SP1 machine against a Samba 3.0.14a server. I granted all privileges to the Domain Admins group. A user (uid <> 0) who is a member of the Domain Admins group cannot change group memberships by double-clicking on the group. In the smbd log I also see:

[2005/06/21 05:04:51, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 15 try!
[2005/06/21 05:04:52, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/06/21 05:04:52, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Timed out)

This was a pity as I was just showing off the new User Manager compatibility for non-root users ...
has been fixed in 3.0.20a
Created attachment 1718: Level 10 log taken while the issue was recreated. Samba version 3.0.20b.
Example 1 seems to have been fixed, however example 2 continues to pose a problem. The error message using User Manager for Domains for Win2k3 server on an XP workstation reads: "The following error occurred changing the properties of the global group Test The user name could not be found". This appears to be intermittent - about 5% of the time it works as expected. The rest of the time it doesn't.
James, please open a new bug report rather than adding log files to a closed one.