Message-ID: <40715214.2040509@mimos.my>
Date: Mon, 05 Apr 2004 20:33:24 +0800
From: Suhaimi Jamalludin
To: freebsd-questions@freebsd.org
Subject: Why samba-3.0.2a_1 give me this error "process_request_pdu: failed to do schannel processing"

Hi All,

Need your expert advice regarding Samba3 + OpenLDAP. I have configured openldap and Samba3 on my FreeBSD 5.2.1. I have made Samba3 a PDC and authenticate using LDAP. Everything works fine.... I can log in using sambauser1 to my Samba3-PDC and do profile roaming. However, I came across the error message below in my /var/log/message and it's really annoying me.
Can somebody advise me how to make this error go away... I'm in the final phase to real the system to my user.

Short Error Message Desc:
---------------------------
failed to decode PDU
process_request_pdu: failed to do schannel processing.
smbldap_open: cannot access LDAP when not root..
ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)
ldapsam_search_one_group: Query was: ou=groups,dc=test,dc=com, (&(objectClass=posixGroup)(gidNumber=4294967295))

OS: FreeBSD 5.2.1-RELEASE-p4
Application: openldap-server-2.1.29, openldap-client-2.1.29, samba-3.0.2a_1,1, pam_ldap-1.6.9, nss_ldap-1.204_5

Really appreciate your advice.

Thanks & regards,
Suhaimi

# more /var/log/message
Apr 5 14:58:38 my-svr smbd[1034]: [2004/04/05 14:58:38, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1371)
Apr 5 14:58:38 my-svr smbd[1034]: failed to decode PDU
Apr 5 14:58:38 my-svr smbd[1034]: [2004/04/05 14:58:38, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
Apr 5 14:58:38 my-svr smbd[1034]: process_request_pdu: failed to do schannel processing.
Apr 5 14:59:21 my-svr kernel: Connection attempt to TCP 10.1.6.111:80 from 10.1.6.185:4472 flags:0x02
Apr 5 14:59:22 my-svr last message repeated 2 times
Apr 5 14:59:23 my-svr smbd[1036]: [2004/04/05 14:59:23, 0] smbd/service.c:make_connection(857)
Apr 5 14:59:23 my-svr smbd[1036]: suhaimi-wxp (10.1.6.185) couldn't find service home
Apr 5 14:59:23 my-svr smbd[1036]: [2004/04/05 14:59:23, 0] smbd/service.c:make_connection(857)
Apr 5 14:59:23 my-svr smbd[1036]: suhaimi-wxp (10.1.6.185) couldn't find service home
Apr 5 14:59:23 my-svr kernel: Connection attempt to TCP 10.1.6.111:80 from 10.1.6.185:4473 flags:0x02
Apr 5 14:59:24 my-svr last message repeated 2 times
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]: smbldap_open: cannot access LDAP when not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Query was: ou=groups,dc=test,dc=com, (&(objectClass=sambaGroupMapping)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]: smbldap_open: cannot access LDAP when not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Query was: ou=groups,dc=test,dc=com, (&(objectClass=posixGroup)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]: smbldap_open: cannot access LDAP when not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Query was: ou=groups,dc=test,dc=com, (&(objectClass=sambaGroupMapping)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]: smbldap_open: cannot access LDAP when not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Query was: ou=groups,dc=test,dc=com, (&(objectClass=posixGroup)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]: smbldap_open: cannot access LDAP when not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Query was: ou=groups,dc=test,dc=com, (&(objectClass=sambaGroupMapping)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]: smbldap_open: cannot access LDAP when not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Query was: ou=groups,dc=test,dc=com, (&(objectClass=posixGroup)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]: smbldap_open: cannot access LDAP when not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Query was: ou=groups,dc=test,dc=com, (&(objectClass=sambaGroupMapping)(gidNumber=4294967295))
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] lib/smbldap.c:smbldap_open(807)
Apr 5 14:59:50 my-svr smbd[1036]: smbldap_open: cannot access LDAP when not root..
Apr 5 14:59:50 my-svr smbd[1036]: [2004/04/05 14:59:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668)
Apr 5 14:59:50 my-svr smbd[1036]: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)

# net groupmap list
Domain Admins (S-1-5-21-3352325568-799001569-404782780-512) -> Domain Admins
Domain Users (S-1-5-21-3352325568-799001569-404782780-513) -> Domain Users
Domain Guests (S-1-5-21-3352325568-799001569-404782780-514) -> Domain Guests
Print Operators (S-1-5-21-3352325568-799001569-404782780-550) -> Print Operators
Backup Operators (S-1-5-21-3352325568-799001569-404782780-551) -> Backup Operators
Replicator (S-1-5-21-3352325568-799001569-404782780-552) -> Replicator
Domain Computers (S-1-5-21-3352325568-799001569-404782780-553) -> Domain Computers
unixgrp (S-1-5-21-3352325568-799001569-404782780-21000) -> unixgrp

# more /usr/local/etc/smb.conf
[global]
workgroup = TEST
netbios name = TEST01
server string = TEST-PDC-SERVER
comment = TEST-PDC-SERVER
log file = /var/log/samba/%m.log
log level = 10
max log size = 50
load printers = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
security = user
null passwords = yes
encrypt passwords = yes
passwd chat debug = yes
passwd program =/usr/local/bin/smbldap-passwd -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
passdb backend = ldapsam:ldapi://%2fvar%2frun%2fopenldap%2fldapi/
ldap admin dn = cn=Manager,dc=test,dc=com
ldap ssl = no
ldap suffix = dc=test,dc=com
ldap machine suffix = ou=computers
ldap group suffix = ou=groups
ldap user suffix = ou=users
ldap passwd sync = yes
local master = yes
domain master = yes
domain logons = yes
preferred master = yes
os level = 80
wins support = yes
wins proxy = yes
dns proxy = yes
name resolve order = wins lmhosts host bcast
host msdfs = yes
idmap backend = ldap:ldap://127.0.0.1
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
idmap gid = 10000-20000
idmap uid = 10000-20000
guest account = nobody
username map = /usr/local/etc/smbusers
hide dot files = yes
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
veto oplock files = /*.doc/*.xls/*.mdb/
dos charset = CP850
unix charset = ISO8859-1
display charset = ISO8859-1
add machine script = /usr/local/sbin/smbldap-useradd -w %ms"
add user script = /usr/local/sbin/smbldap-useradd -a %u
delete user script = /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd %g
delete group script = /usr/local/sbin/smbldap-groupdel %g
add user to group script = /usr/local/sbin/smbldap-groupmod" -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod -G %g %u

# more /usr/local/etc/openldap/slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/samba.schema
loglevel 296
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
allow bind_v2
password-hash {SSHA}
database bdb
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=test,dc=com"
rootpw {SSHA}As4yTudmMl4LeWKZJvHS5urwSZvS4aSb
directory /var/db/test.com
mode 0600
index objectClass eq
index cn,sn,uid,memberUid,mail pres,eq
index uidNumber,gidNumber eq
index displayName pres,eq
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq