Bug 281 - Log messages: smbldap_open: cannot access LDAP when not root..
Log messages: smbldap_open: cannot access LDAP when not root..
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
3.0.0preX
Other other
: P1 normal
: 3.0.1
Assigned To: Gerald (Jerry) Carter
:
: 458 (view as bug list)
Depends on:
Blocks: 807
  Show dependency treegraph
 
Reported: 2003-08-07 23:11 UTC by Gerald (Jerry) Carter
Modified: 2005-08-24 10:11 UTC (History)
4 users (show)

See Also:


Attachments
patch for smbldap_open: cannot access LDAP when not root.. error (2.14 KB, patch)
2003-10-08 01:27 UTC, Alex Deiter
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Gerald (Jerry) Carter 2003-08-07 23:11:02 UTC
usually when trying to enumerate users or groups, or 
group mapping functions.
Comment 1 Gerald (Jerry) Carter 2003-08-10 23:56:47 UTC
local_gid_to_sid() needs a become/unbecome_root() around pdb_getgrgid()
call since LDAP opens require root to read the bind credentials
from secrets.tdb.  This is the only occurrence I can find of the log.
No other code paths that I have seen generate this error although they 
could still be there,
Comment 2 ajacoutot 2003-09-16 00:24:31 UTC
Using FreeBSD-5.1+samba-3.0RC3 and openldap.
I'm having the same problem, so I'm not sure this bug is really fixed.
All other features seem to work fine.
Here's what I have in my logs:

[2003/09/15 17:39:53, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1634)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(Insufficient access)smbldap_open: cannot access LDAP when not root..
[2003/09/15 17:39:53, 1] lib/smbldap.c:smbldap_retry_open(888)
  Connection to LDAP Server failed for the 1 try!
[2003/09/15 17:39:53, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1634)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(Insufficient access)asteinling (172.16.20.31) connect to service ajacoutot 
initially as user ajacoutot (uid=10000, gid=513) (pid 756)
[2003/09/15 17:39:54, 1] smbd/service.c:make_connection_snum(692)
  asteinling (172.16.20.31) connect to service netlogon initially as user 
ajacoutot (uid=10000, gid=513) (pid 756)
[2003/09/15 17:39:55, 0] smbd/nttrans.c:call_nt_transact_ioctl(1831)
  call_nt_transact_ioctl(0x90028): Currently not implemented.
Comment 3 Tim Potter 2003-09-16 21:50:07 UTC
*** Bug 458 has been marked as a duplicate of this bug. ***
Comment 4 Tim Potter 2003-09-16 21:51:57 UTC
reopening
Comment 5 Tim Potter 2003-09-16 22:04:44 UTC
Can you post a bit more of the log file (debug level 10 please) where this is
happening?  Search backwards for the string 'switch message' and grab everything
between that and the ldapsam_search_one_group error.
Comment 6 Jim Richardson 2003-09-17 05:01:15 UTC
I turned on debug level 10 but unfortunately I was not able to recreate an
occurrence of the message. The only change that I can recall making since
encountering the issue was to give my smb-admin LDAP access global write access
to LDAP. Apparently I had earlier only given it access to *.,o=mycompany, and it
had been failing to create the sambaDomain entry at the root of my LDAP tree.
Comment 7 Cristiano José Sulzbach 2003-09-17 05:46:24 UTC
Maybe I can help (level 10 debug log).

I haven't found the "ldapsam_search_one_group" before the "cannot access LDAP 
when not root.." string.

(Sorry about my bad english...)


[2003/09/17 09:23:47, 3] smbd/process.c:switch_message(685)
  switch message SMBtrans (pid 15813)
[2003/09/17 09:23:47, 4] smbd/uid.c:change_to_user(122)
  change_to_user: Skipping user change - already user
[2003/09/17 09:23:47, 3] smbd/ipc.c:reply_trans(514)
  trans <\PIPE\> data=52 params=0 setup=2
[2003/09/17 09:23:47, 5] smbd/ipc.c:reply_trans(533)
  calling named_pipe
[2003/09/17 09:23:47, 3] smbd/ipc.c:named_pipe(326)
  named pipe command on <> name
[2003/09/17 09:23:47, 5] smbd/ipc.c:api_fd_reply(267)
  api_fd_reply
[2003/09/17 09:23:47, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1151)
  search for pipe pnum=778a
[2003/09/17 09:23:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155)
  pipe name lsarpc pnum=778b (pipes_open=2)
[2003/09/17 09:23:47, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1155)
  pipe name samr pnum=778a (pipes_open=2)
[2003/09/17 09:23:47, 3] smbd/ipc.c:api_fd_reply(288)
  Got API command 0x26 on pipe "samr" (pnum 778a)api_fd_reply: p:0x8387d08 
max_trans_reply: 1024
[2003/09/17 09:23:47, 6] rpc_server/srv_pipe_hnd.c:write_to_pipe(852)
  write_to_pipe: 778a name: samr open: Yes len: 52
[2003/09/17 09:23:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874)
  write_to_pipe: data_left = 52
[2003/09/17 09:23:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778)
  process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 0, 
incoming data = 52
[2003/09/17 09:23:47, 10] rpc_server/srv_pipe_hnd.c:fill_rpc_header(401)
  fill_rpc_header: data_to_copy = 52, len_needed_to_complete_hdr = 16, 
receive_len = 0
[2003/09/17 09:23:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878)
  write_to_pipe: data_used = 16
[2003/09/17 09:23:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874)
  write_to_pipe: data_left = 36
[2003/09/17 09:23:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778)
  process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0, 
incoming data = 36
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_debug(81)
  000000 smb_io_rpc_hdr
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint8(576)
      0000 major     : 05
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint8(576)
      0001 minor     : 00
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint8(576)
      0002 pkt_type  : 00
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint8(576)
      0003 flags     : 03
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint8(576)
      0004 pack_type0: 10
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint8(576)
      0005 pack_type1: 00
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint8(576)
      0006 pack_type2: 00
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint8(576)
      0007 pack_type3: 00
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint16(605)
      0008 frag_len  : 0034
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint16(605)
      000a auth_len  : 0000
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint32(634)
      000c call_id   : 0000000f
[2003/09/17 09:23:47, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(488)
  unmarshall_rpc_header: using little-endian RPC
[2003/09/17 09:23:47, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(517)
  unmarshall_rpc_header: type = 0, flags = 3
[2003/09/17 09:23:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878)
  write_to_pipe: data_used = 0
[2003/09/17 09:23:47, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874)
  write_to_pipe: data_left = 36
[2003/09/17 09:23:47, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(778)
  process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 36, 
incoming data = 36
[2003/09/17 09:23:47, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(722)
  process_complete_pdu: processing packet type 0
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_debug(81)
  000000 smb_io_rpc_hdr_req req
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint32(634)
      0000 alloc_hint: 0000001c
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint16(605)
      0004 context_id: 0000
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint16(605)
      0006 opnum     : 000f
[2003/09/17 09:23:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
  free_pipe_context: destroying talloc pool of size 0
[2003/09/17 09:23:47, 5] rpc_server/srv_pipe.c:api_pipe_request(1454)
  Requested \PIPE\samr
[2003/09/17 09:23:47, 4] rpc_server/srv_pipe.c:api_rpcTNP(1488)
  api_rpcTNP: samr op 0xf - api_rpcTNP: rpc command: SAMR_ENUM_DOM_ALIASES
[2003/09/17 09:23:47, 6] rpc_server/srv_pipe.c:api_rpcTNP(1514)
  api_rpc_cmds[6].fn == 0x812b530
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_debug(81)
  000000 samr_io_q_enum_dom_aliases
[2003/09/17 09:23:47, 6] rpc_parse/parse_prs.c:prs_debug(81)
      000000 smb_io_pol_hnd pol
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint32(634)
          0000 data1: 00000000
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint32(634)
          0004 data2: 0000000a
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint16(605)
          0008 data3: 0000
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint16(605)
          000a data4: 0000
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint8s(721)
          000c data5: 4f 52 68 3f c5 3d 00 00
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint32(634)
      0014 start_idx: 00000000
[2003/09/17 09:23:47, 5] rpc_parse/parse_prs.c:prs_uint32(634)
      0018 max_size : 0000ffff
[2003/09/17 09:23:47, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal
(162)
  Found policy hnd[1] [000] 00 00 00 00 0A 00 00 00  00 00 00 00 4F 52 68 
3F  ........ ....ORh?
  [010] C5 3D 00 00                                       .=..
[2003/09/17 09:23:47, 5] rpc_server/srv_samr_nt.c:access_check_samr_function
(106)
  _samr_enum_dom_aliases: access check ((granted: 0x00020381;  required: 
0x00000100)
[2003/09/17 09:23:47, 5] rpc_server/srv_samr_nt.c:_samr_enum_dom_aliases(1111)
  samr_reply_enum_dom_aliases: sid S-1-5-32
[2003/09/17 09:23:47, 5] rpc_server/srv_samr_nt.c:get_group_alias_entries(892)
  get_group_alias_entries: enumerating aliases on SID: S-1-5-32
[2003/09/17 09:23:47, 0] lib/smbldap.c:smbldap_open(801)
  smbldap_open: cannot access LDAP when not root..
[2003/09/17 09:23:47, 1] lib/smbldap.c:smbldap_retry_open(890)
  Connection to LDAP Server failed for the 1 try!
[2003/09/17 09:23:47, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2085)
  LDAP search failed: Insufficient access
Comment 8 Alex Deiter 2003-10-08 01:27:25 UTC
Created attachment 188 [details]
patch for smbldap_open: cannot access LDAP when not root.. error

here is a small patch for "smbldap_open: cannot access LDAP when not root.."
error.
Apply to CVS SAMBA_3_0

P.S. Howto reproduce this error:

login to domain member workstation as Domain User (not administrator or member
Domain Admins group!). Open properties any file/folder, select security, add
any domain group and click OK. This take error: "Group not found". In samba
logs:

[2003/10/06 17:55:01, 0, effective(2019, 2513), real(0, 0)]
lib/smbldap.c:smbldap_open(799)
  smbldap_open: cannot access LDAP when not root..
[2003/10/06 17:55:01, 1, effective(2019, 2513), real(0, 0)]
lib/smbldap.c:smbldap_retry_open(888)
  Connection to LDAP Server failed for the 1 try!
[2003/10/06 17:55:01, 0, effective(2019, 2513), real(0, 0)]
passdb/pdb_ldap.c:ldapsam_setsamgrent(2066)
  ldapsam_setsamgrent: LDAP search failed: Insufficient access
[2003/10/06 17:55:01, 0, effective(2019, 2513), real(0, 0)]
passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2131)
  ldapsam_enum_group_mapping: Unable to open passdb

Thanks!
Comment 9 Gerald (Jerry) Carter 2003-11-07 15:00:49 UTC
patch looks right.  Applied and will be 
in 3.0.1pre2.  Thanks.
Comment 10 Gerald (Jerry) Carter 2003-11-24 06:44:24 UTC
reopened....

From Pavel <admin@afei.itech.ru>:

I download Samba_3_0 sources at 10 
Nov 2003 to fix this problem and It work - I can set 
permissions for shares. Then I log in as member
of Domain Admin group on WinME workstation, then
run a User Manager for Domains (from NEXUS) on 
WinME  and connect to my PDC, I can see the list
of users and non-builtin groups, but I can not see 
the user properties. The User Manager say "The following 
error occured accessing the properties of user <username
Access denie> The user properties cannot be edited or 
viewed at this time"
Comment 11 Gerald (Jerry) Carter 2003-11-24 06:44:51 UTC
*** Bug 751 has been marked as a duplicate of this bug. ***
Comment 12 Gerald (Jerry) Carter 2003-11-24 09:31:01 UTC
Added a few more fixes for this one.  I think this is 
all of them now.
Comment 13 Stéphane Olivier 2003-12-10 03:24:06 UTC
i got an identical problem with 3.0.1rc2 cvs 5Dec
when i boot my winXP pro SP1 with network cable plugged, i got next lines in 
log.computer.
When i press CTRL+ALT+DEL, my PC hangs and i can't get the logon screen.
When i boot my WinXP witout network cable plugged, i can get the logon screen 
by pressing CTRL+ALT+DEL. i plug my network cable before validate my log/pass.
And all seems to be OK.
I don't have this problem when, after starting samba, i delete the secrets.tdb 
and regenerate it with smbpasswd -w mypass and net setlocalsid S------*
With this method, i didn't have these errors. But Samba didn't work because 
the inode of secrets.tdb has changed.


[2003/12/10 11:54:34, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1636)
  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)
(sambaSID=S-1-5-21-4156064506-1264812908-1873560680-512))]
[2003/12/10 11:54:34, 0] lib/smbldap.c:smbldap_open(801)
  smbldap_open: cannot access LDAP when not root..
[2003/12/10 11:54:34, 1] lib/smbldap.c:smbldap_retry_open(890)
  Connection to LDAP Server failed for the 1 try!
[2003/12/10 11:54:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1651)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(Insufficient access)
  ldapsam_search_one_group: Query was: ou=Groups,dc=blagden, (&
(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-4156064506-1264812908-
1873560680-512))
Comment 14 Gerald (Jerry) Carter 2003-12-10 06:15:31 UTC
This is the bug that won't die. :-(

Stéphane,   Can you send me a full level 10 debug log 
so I can see the RPC calls currounding the error.
Comment 15 Gerald (Jerry) Carter 2003-12-10 06:16:01 UTC
Comment on attachment 188 [details]
patch for smbldap_open: cannot access LDAP when not root.. error

patch has been applied
Comment 16 Gerald (Jerry) Carter 2003-12-10 08:41:06 UTC
I've checked in more fixes now to be included in 3.0.1rc2.
Optimistically marked this as fixed (again).
Comment 17 Stéphane Olivier 2003-12-11 07:41:23 UTC
my boot problem was resolved by compiling latest CVS 3.0.2pre1

regards
Comment 18 Gerald (Jerry) Carter 2005-02-07 08:41:18 UTC
originally reported against 3.0.0beta3.  CLeaning out 
non-production release versions.
Comment 19 Christian "Xtra" Schiffler 2005-08-24 09:47:14 UTC
Reopening this Bug.

Reproduced on version 3.0.14a.

How to reproduce: Open NT User/Group Manager and try to add an user to an group.

System environment is an system that has all users and groups (except for root
and demon users/groups) stored in LDAP Database for domain wide login.

Log snippet with loglevel 10 is encluded.

[2005/08/24 18:25:45, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777)
  process_incoming_data: Start: pdu_received_len = 16, pdu_needed_len = 0,
incoming data = 110
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_debug(82)
  000000 smb_io_rpc_hdr
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint8(584)
      0000 major     : 05
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint8(584)
      0001 minor     : 00
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint8(584)
      0002 pkt_type  : 00
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint8(584)
      0003 flags     : 03
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint8(584)
      0004 pack_type0: 10
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint8(584)
      0005 pack_type1: 00
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint8(584)
      0006 pack_type2: 00
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint8(584)
      0007 pack_type3: 00
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint16(613)
      0008 frag_len  : 007e
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint16(613)
      000a auth_len  : 0000
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint32(642)
      000c call_id   : 00000046
[2005/08/24 18:25:45, 5] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(486)
  unmarshall_rpc_header: using little-endian RPC
[2005/08/24 18:25:45, 10] rpc_server/srv_pipe_hnd.c:unmarshall_rpc_header(515)
  unmarshall_rpc_header: type = 0, flags = 3
[2005/08/24 18:25:45, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(878)
  write_to_pipe: data_used = 0
[2005/08/24 18:25:45, 10] rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(874)
  write_to_pipe: data_left = 110
[2005/08/24 18:25:45, 10] rpc_server/srv_pipe_hnd.c:process_incoming_data(777)
  process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 110,
incoming data = 110
[2005/08/24 18:25:45, 10] rpc_server/srv_pipe_hnd.c:process_complete_pdu(720)
  process_complete_pdu: processing packet type 0
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_debug(82)
  000000 smb_io_rpc_hdr_req req
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint32(642)
      0000 alloc_hint: 00000066
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint16(613)
      0004 context_id: 0000
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint16(613)
      0006 opnum     : 0015
[2005/08/24 18:25:45, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
  free_pipe_context: destroying talloc pool of size 0
[2005/08/24 18:25:45, 5] rpc_server/srv_pipe.c:api_pipe_request(1497)
  Requested \PIPE\samr
[2005/08/24 18:25:45, 4] rpc_server/srv_pipe.c:api_rpcTNP(1531)
  api_rpcTNP: samr op 0x15 - api_rpcTNP: rpc command: SAMR_SET_GROUPINFO
[2005/08/24 18:25:45, 6] rpc_server/srv_pipe.c:api_rpcTNP(1557)
  api_rpc_cmds[31].fn == 0x8141c80
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_debug(82)
  000000 samr_io_q_set_groupinfo
[2005/08/24 18:25:45, 6] rpc_parse/parse_prs.c:prs_debug(82)
      000000 smb_io_pol_hnd pol
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint32(642)
          0000 data1: 00000000
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint32(642)
          0004 data2: 0000001d
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint16(613)
          0008 data3: 0000
          0014 switch_value1: 0004
[2005/08/24 18:25:45, 7] rpc_parse/parse_prs.c:prs_debug(82)
          000016 samr_io_group_info4 group_info4
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint16(613)
              0016 hdr_level: 0004
[2005/08/24 18:25:45, 8] rpc_parse/parse_prs.c:prs_debug(82)
              000018 smb_io_unihdr hdr_acct_desc
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint16(613)
                  0018 uni_str_len: 003a
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint16(613)
                  001a uni_max_len: 003c
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint32(642)
                  001c buffer     : 00b36630
[2005/08/24 18:25:45, 8] rpc_parse/parse_prs.c:prs_debug(82)
              000020 smb_io_unistr2 uni_acct_desc
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint32(642)
                  0020 uni_max_len: 0000001e
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint32(642)
                  0024 offset     : 00000000
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:prs_uint32(642)
                  0028 uni_str_len: 0000001d
[2005/08/24 18:25:45, 5] rpc_parse/parse_prs.c:dbg_rw_punival(814)
                  002c buffer     : N.e.t.b.i.o.s. .D.o.m.a.i.n.
.A.d.m.i.n.i.s.t.r.a.t.o.r.s.
[2005/08/24 18:25:45, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162)
  Found policy hnd[0] [000] 00 00 00 00 1D 00 00 00  00 00 00 00 89 9F 0C 43 
........ .......C
  [010] 25 36 00 00                                       %6..
[2005/08/24 18:25:45, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(201)
  _samr_set_groupinfo: access check ((granted: 0x000d000f;  required: 0x00000002)
[2005/08/24 18:25:45, 10] groupdb/mapping.c:get_domain_group_from_sid(799)
  get_domain_group_from_sid
[2005/08/24 18:25:45, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(1000, 513) : sec_ctx_stack_ndx = 1
[2005/08/24 18:25:45, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2005/08/24 18:25:45, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/08/24 18:25:45, 5] auth/auth_util.c:debug_nt_user_token(485)
  NT user token: (NULL)
[2005/08/24 18:25:45, 5] auth/auth_util.c:debug_unix_user_token(506)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/08/24 18:25:45, 5] lib/smbldap.c:smbldap_search(1038)
  smbldap_search: base => [ou=Groups,dc=ubg,dc=nobis], filter =>
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-4106371879-142849002-2088313151-512))],$
[2005/08/24 18:25:45, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
  init_group_from_ldap: Entry found for group: 512
[2005/08/24 18:25:45, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (1000, 513) - sec_ctx_stack_ndx = 0
[2005/08/24 18:25:45, 10] groupdb/mapping.c:get_domain_group_from_sid(810)
  get_domain_group_from_sid: SID found in the TDB
[2005/08/24 18:25:45, 10] groupdb/mapping.c:get_domain_group_from_sid(817)
  get_domain_group_from_sid: SID is a domain group
  get_domain_group_from_sid: SID is a domain group
[2005/08/24 18:25:45, 10] groupdb/mapping.c:get_domain_group_from_sid(823)
  get_domain_group_from_sid: SID is mapped to gid:512
[2005/08/24 18:25:45, 10] groupdb/mapping.c:get_domain_group_from_sid(831)
  get_domain_group_from_sid: gid exists in UNIX security
[2005/08/24 18:25:45, 5] lib/smbldap.c:smbldap_search(1038)
  smbldap_search: base => [ou=Groups,dc=ubg,dc=nobis], filter =>
[(&(|(objectClass=posixGroup)(objectclass=sambaIdmapEntry))(gidNumber=512))],
scope => [2]
[2005/08/24 18:25:45, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:25:45, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 1 try!
[2005/08/24 18:25:46, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:25:46, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 2 try!
[2005/08/24 18:25:47, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:25:47, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 3 try!
[2005/08/24 18:25:48, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:25:48, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 4 try!
[2005/08/24 18:25:49, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:25:49, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 5 try!
[2005/08/24 18:25:50, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:25:50, 1] lib/smbldap.c:another_ldap_try(1011)
[2005/08/24 18:25:50, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 6 try!
[2005/08/24 18:25:51, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:25:51, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 7 try!
[2005/08/24 18:25:52, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:25:52, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 8 try!
[2005/08/24 18:25:53, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:25:53, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 9 try!
[2005/08/24 18:25:54, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:25:54, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 10 try!
[2005/08/24 18:25:55, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:25:55, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 11 try!
[2005/08/24 18:25:56, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:25:56, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 12 try!
[2005/08/24 18:25:57, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:25:57, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 13 try!
[2005/08/24 18:25:58, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:25:58, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 14 try!
[2005/08/24 18:25:59, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:25:59, 1] lib/smbldap.c:another_ldap_try(1011)
  Connection to LDAP server failed for the 15 try!
[2005/08/24 18:26:00, 0] lib/smbldap.c:smbldap_open(882)
  smbldap_open: cannot access LDAP when not root..
[2005/08/24 18:26:00, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1971)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  (Timed out)
  ldapsam_search_one_group: Query was: ou=Groups,dc=ubg,dc=nobis,
(&(|(objectClass=posixGroup)(objectclass=sambaIdmapEntry))(gidNumber=512))
[2005/08/24 18:26:00, 5] rpc_parse/parse_prs.c:prs_debug(82)
  000000 samr_io_r_set_groupinfo
[2005/08/24 18:26:00, 5] rpc_parse/parse_prs.c:prs_ntstatus(672)
      0000 status: NT_STATUS_NO_SUCH_GROUP
Comment 20 Gerald (Jerry) Carter 2005-08-24 10:11:57 UTC
please don't reopen this bug.  Start a new one.  I'ts pretty 
much guaranteed that you are seeing a different issue.
And please include log files as attachements and not inline.