Bug 5500 - domain logon - cannot access LDAP when not root
Summary: domain logon - cannot access LDAP when not root
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: Domain Control
Version: 3.2.0
Hardware: x86 Linux
: P3 regression
Target Milestone: ---
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Duplicates: 5660
Reported: 2008-05-29 07:51 UTC by mathion
Modified: 2008-08-04 07:59 UTC (History)
Attachments
samba config and log files w/debug level 10 (383.78 KB, text/plain)
2008-05-30 14:46 UTC, mathion
correct log file w/ log level = 10 (417.67 KB, text/plain)
2008-06-14 02:07 UTC, mathion
patch (509 bytes, patch)
2008-06-14 02:45 UTC, Volker Lendecke
Description mathion 2008-05-29 07:51:17 UTC
Hi,
I've migrated to SAMBA 3.2.0pre1 with OpenLDAP from the stable version (previously with a MySQL pdb backend).

Now, when I try to log on some Windows host to the domain, it does nothing, with the error message "Domain is not available at the moment...". However, when I log in as a local Windows user, I can remove and add computers to the domain, browse shares, print, etc. normally as before (using Samba/Domain accounts).

I'm running samba daemons from xinetd (user is set to root).

PS: I don't know if it is a bug or some misconfiguration or broken import of old data.

# here's part of samba/smbd log for logon try:
[2008/05/27 17:09:16,  2] smbd/sesssetup.c:setup_new_vc_session(1363)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2008/05/27 17:09:16,  2] smbd/sesssetup.c:setup_new_vc_session(1363)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2008/05/27 17:09:16,  2] passdb/pdb_ldap.c:init_sam_from_ldap(570)
  init_sam_from_ldap: Entry found for user: pc09vm$
[2008/05/27 17:09:16,  2] passdb/pdb_ldap.c:init_group_from_ldap(2343)
  init_group_from_ldap: Entry found for group: 5010
[2008/05/27 17:09:17,  2] passdb/pdb_ldap.c:init_group_from_ldap(2343)
  init_group_from_ldap: Entry found for group: 5010
[2008/05/27 17:09:17,  0] lib/smbldap.c:smbldap_open(1005)
  smbldap_open: cannot access LDAP when not root..
Comment 1 Jeremy Allison 2008-05-29 10:41:25 UTC
This needs to be investigated before 3.2 final ships.
Jeremy.
Comment 2 Volker Lendecke 2008-05-30 07:04:07 UTC
Can you please upload your smb.conf together with a debug level 10 log of smbd leading to this error?

Thanks,

Volker
Comment 3 mathion 2008-05-30 14:46:05 UTC
Created attachment 3321
samba config and log files w/debug level 10

These are my config file and the logs for smbd and the machine from which I try to log onto the domain.
Comment 4 Volker Lendecke 2008-06-09 04:06:12 UTC
There is no message "cannot access LDAP when not root" in your log file. Maybe that is because you redirected the log file via 

log file = /var/log/samba/samba.%m

to a different location. Please upload the correct log file.

Thanks,

Volker
Comment 5 mathion 2008-06-14 02:07:54 UTC
Created attachment 3343
correct log file w/ log level = 10

vl.: yes, maybe it's because of this... so, I've set the logs to a single file, and here is the new log (I've checked that the message is here). Sorry for the inconvenience.
Comment 6 Volker Lendecke 2008-06-14 02:45:02 UTC
Created attachment 3344
patch

Can you try the attached patch?

Thanks,

Volker
Comment 7 mathion 2008-06-14 10:58:59 UTC
I've applied the attached patch and it looks like it worked for me, and the problem is now gone.
There is no sign of "cannot access LDAP when not root" in log, and users can log on now. Thanks.
Comment 8 Volker Lendecke 2008-06-16 06:27:09 UTC
Pushed upstream -- thanks!

Volker
Comment 9 Volker Lendecke 2008-08-04 07:59:05 UTC
*** Bug 5660 has been marked as a duplicate of this bug. ***