Date:      Mon, 05 Apr 2004 20:33:24 +0800
From:      Suhaimi Jamalludin <suhaimi.j@mimos.my>
To:        freebsd-questions@freebsd.org
Subject:   Why samba-3.0.2a_1 give me this error "process_request_pdu: failed to do schannel processing"
Message-ID:  <40715214.2040509@mimos.my>

Hi All,

Need your expert advice regarding Samba3 + OpenLDAP.
I have configured OpenLDAP and Samba3 on my FreeBSD 5.2.1. I have made 
Samba3 a PDC and authenticate using LDAP.
Everything works fine.... I can log in using sambauser1 to my Samba3-PDC 
and do profile roaming. However, I came across the error message below in 
my /var/log/message and it's really annoying me.

Can somebody advise me how to make this error go away... I'm in the 
final phase to real the system to my user.

Short Error Message Desc:
---------------------------
failed to decode PDU
process_request_pdu: failed to do schannel processing.
smbldap_open: cannot access LDAP when not root..
ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 
(Insufficient access)
ldapsam_search_one_group: Query was: ou=groups,dc=test,dc=com, 
(&(objectClass=posixGroup)(gidNumber=4294967295))

OS: FreeBSD 5.2.1-RELEASE-p4
Application:    openldap-server-2.1.29, openldap-client-2.1.29,  
samba-3.0.2a_1,1,  pam_ldap-1.6.9, nss_ldap-1.204_5

Really appreciate your advice.

Thanks & regards,
Suhaimi

# more /var/log/message
Apr 5 14:58:38 my-svr smbd[1034]: [2004/04/05 14:58:38, 0] 
rpc_server/srv_pipe.c:api_pipe_netsec_process(1371)
Apr 5 14:58:38 my-svr smbd[1034]:  failed to decode PDU
Apr 5 14:58:38 my-svr smbd[1034]: [2004/04/05 14:58:38, 0] 
rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
Apr 5 14:58:38 my-svr smbd[1034]:  process_request_pdu: failed to do 
schannel processing.
Apr 5 14:59:21 my-svr kernel: Connection attempt to TCP 10.1.6.111:80 
from 10.1.6.185:4472 flags:0x02
Apr 5 14:59:22 my-svr last message repeated 2 times
Apr 5 14:59:23 my-svr smbd[1036]: [2004/04/05 14:59:23, 0] 
smbd/service.c:make_connection(857)
Apr 5 14:59:23 my-svr smbd[1036]:  suhaimi-wxp (10.1.6.185) couldn't 
find service home
Apr 5 14:59:23 my-svr smbd[1036]: [2004/04/05 14:59:23, 0] 
smbd/service.c:make_connection(857)
Apr 5 14:59:23 my-svr smbd[1036]:  suhaimi-wxp (10.1.6.185) couldn't 
find service home
Apr 5 14:59:23 my-svr kernel: Connection attempt to TCP 10.1.6.111:80 
from 10.1.6.185:4473 flags:0x02
Apr 5 14:59:24 my-svr last message repeated 2 times
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was: 
ou=groups,dc=test,dc=com, 
(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was: 
ou=groups,dc=test,dc=com, (&(objectClass=posixGroup)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was: 
ou=groups,dc=test,dc=com, 
(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was: 
ou=groups,dc=test,dc=com, (&(objectClass=posixGroup)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was: 
ou=groups,dc=test,dc=com, 
(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was: 
ou=groups,dc=test,dc=com, (&(objectClass=posixGroup)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was: 
ou=groups,dc=test,dc=com, 
(&(objectClass=sambaGroupMapping)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when 
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] 
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Problem 
during the LDAP search: LDAP error: (Insufficient access)

# net groupmap list
Domain Admins (S-1-5-21-3352325568-799001569-404782780-512) -> Domain Admins
Domain Users (S-1-5-21-3352325568-799001569-404782780-513) -> Domain Users
Domain Guests (S-1-5-21-3352325568-799001569-404782780-514) -> Domain Guests
Print Operators (S-1-5-21-3352325568-799001569-404782780-550) -> Print 
Operators
Backup Operators (S-1-5-21-3352325568-799001569-404782780-551) -> Backup 
Operators
Replicator (S-1-5-21-3352325568-799001569-404782780-552) -> Replicator
Domain Computers (S-1-5-21-3352325568-799001569-404782780-553) -> Domain 
Computers
unixgrp (S-1-5-21-3352325568-799001569-404782780-21000) -> unixgrp

# more /usr/local/etc/smb.conf
[global]
       workgroup = TEST
       netbios name = TEST01
       server string = TEST-PDC-SERVER
       comment = TEST-PDC-SERVER
       log file = /var/log/samba/%m.log
       log level = 10
       max log size = 50
       load printers = no
       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
       security = user
       null passwords = yes
       encrypt passwords = yes
       passwd chat debug = yes
       passwd program =/usr/local/bin/smbldap-passwd -o %u
       passwd chat = *new*password* %n\n *new*password:* %n\n *successfully*
       passdb backend = ldapsam:ldapi://%2fvar%2frun%2fopenldap%2fldapi/
       ldap admin dn = cn=Manager,dc=test,dc=com
       ldap ssl = no
       ldap suffix = dc=test,dc=com
       ldap machine suffix = ou=computers
       ldap group suffix = ou=groups
       ldap user suffix = ou=users
       ldap passwd sync = yes
       local master = yes
       domain master = yes
       domain logons = yes
       preferred master = yes
       os level = 80
       wins support = yes
       wins proxy = yes
       dns proxy = yes
       name resolve order = wins lmhosts host bcast
       host msdfs = yes
       idmap backend = ldap:ldap://127.0.0.1
       winbind separator = +
       winbind enum users = yes
       winbind enum groups = yes
       idmap gid = 10000-20000
       idmap uid = 10000-20000
       guest account = nobody
       username map = /usr/local/etc/smbusers
       hide dot files = yes
       veto files = /*.eml/*.nws/riched20.dll/*.{*}/
       veto oplock files = /*.doc/*.xls/*.mdb/
       dos charset = CP850
       unix charset = ISO8859-1
       display charset = ISO8859-1
       add machine script = /usr/local/sbin/smbldap-useradd -w %ms"
       add user script = /usr/local/sbin/smbldap-useradd -a %u
       delete user script = /usr/local/sbin/smbldap-userdel %u
       add group script = /usr/local/sbin/smbldap-groupadd %g
       delete group script = /usr/local/sbin/smbldap-groupdel %g
       add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
       delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
       set primary group script = /usr/local/sbin/smbldap-usermod -G %g %u

# more /usr/local/etc/openldap/slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/samba.schema
loglevel 296
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
allow bind_v2
password-hash {SSHA}
database bdb
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=test,dc=com"
rootpw {SSHA}As4yTudmMl4LeWKZJvHS5urwSZvS4aSb
directory /var/db/test.com
mode 0600
index objectClass eq
index cn,sn,uid,memberUid,mail        pres,eq
index uidNumber,gidNumber     eq
index displayName     pres,eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName   eq
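
Added example, not part of the original message: a Python triage helper that re-joins the mail-wrapped syslog lines shown above, attaches each smbd message to its debug header (source file and function), and counts distinct events so that a repeated block collapses to one row. The function names and the sample text are constructed for illustration; the sample mirrors the log format in the message.

```python
import re
from collections import Counter

# Constructed sample shaped like the mail-wrapped smbd syslog lines in the message.
SAMPLE = """\
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0]
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when
not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0]
passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]:  ldapsam_search_one_group: Query was:
ou=groups,dc=test,dc=com, (&(objectClass=posixGroup)(gidNumber=4294967295))
Apr 5 14:59:51 my-svr last message repeated 2 times
Apr 5 14:59:52 my-svr smbd[1036]: [2004/04/05 14:59:52, 0]
lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:52 my-svr smbd[1036]:  smbldap_open: cannot access LDAP when
not root..
"""

START = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ ")  # syslog prefix
SMBD = re.compile(r"smbd\[(\d+)\]: +(.*)$")                     # pid, body
HEADER = re.compile(r"^\[[^\]]*\] (\S+):(\w+)\(\d+\)$")         # file, function

def unwrap(text):
    """Re-join continuation lines that wrapping split off a syslog line."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def smbd_events(text):
    """Count (source file, function, message) per smbd message line."""
    current, counts = {}, Counter()  # current: pid -> last header fields
    for m in filter(None, map(SMBD.search, unwrap(text))):
        pid, body = m.groups()
        h = HEADER.match(body)
        if h:
            current[pid] = h.groups()
        elif pid in current:
            counts[current[pid] + (body,)] += 1
    return counts

def sentinel_gid_queries(counts):
    """Events whose LDAP filter asks for gidNumber=4294967295 (0xFFFFFFFF)."""
    return [e for e in counts if "gidNumber=4294967295)" in e[2]]
```

The value 4294967295 in the logged filters is the all-ones 32-bit integer; `sentinel_gid_queries` only lists the events that carry it and does not by itself establish why smbd searched for that gid.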


