Failed to open /usr/local/samba/private/secrets.tdb

steve at hastingsfamily.com steve at hastingsfamily.com
Thu Oct 17 23:49:00 GMT 2002


All, 

TIA, I have a feeling this is a question everyone knows the answer to but 
me, why do I keep getting the message: 

Failed to open /usr/local/samba/private/secrets.tdb 

Solaris 8 02/02 release.  private/secrets.tdb does not exist, and 
/usr/local/samba is root:other ownership. /etc/init.d/samba.server start 
will start smbd and nmbd, nbtstat shows the share, but I can't create any 
samba users. smb.conf  and smb.log at bottom. 

When I run: 

#smbpasswd -a root
Failed to open /usr/local/samba/private/secrets.tdb
New SMB password:
Retype new SMB password:
unable to open passdb database.
startsmbfilepwent_internal: too many race conditions creating file 
/usr/local/samba/private/smbpasswd
add_smbfilepwd_entry: unable to open file.
Failed to add entry for user root.
Failed to modify password entry for user root
# 


This is created: 


Copyright Andrew Tridgell and the Samba Team 1992-2002 [2002/10/16 11:41:56, 
0] passdb/secrets.c:secrets_init(43)
 Failed to open /usr/local/samba/private/secrets.tdb
[2002/10/16 11:41:57, 0] passdb/machine_sid.c:pdb_generate_sam_sid(163)
 pdb_generate_sam_sid: Failed to store generated machine SID. [2002/10/16 
11:41:57, 0] smbd/server.c:main(793)
 ERROR: Samba cannot create a SAM SID.
[2002/10/16 11:43:31, 0] smbd/server.c:main(707)
 smbd version 2.2.5 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2002 [2002/10/16 
11:43:31, 0] passdb/secrets.c:secrets_init(43)
 Failed to open /usr/local/samba/private/secrets.tdb
[2002/10/16 11:43:31, 0] passdb/machine_sid.c:pdb_generate_sam_sid(163)
 pdb_generate_sam_sid: Failed to store generated machine SID. [2002/10/16 
11:43:31, 0] smbd/server.c:main(793)
 ERROR: Samba cannot create a SAM SID. 

 --------------------------------------------- 

smb.conf 

 ------------------------------------------------- 


# This is the main Samba configuration file. You should read the # 
smb.conf(5) manual page in order to understand the options listed # here. 
Samba has a huge number of configurable options (perhaps too # many!) most 
of which are not shown in this example # # Any line which starts with a ; 
(semi-colon) or a # (hash) # is a comment and is ignored. In this example we 
will use a # # for commentry and a ; for parts of the config file that you # 
may wish to enable # # NOTE: Whenever you modify this file you should run 
the command "testparm" # to check that you have not many any basic syntactic 
errors. # #======================= Global Settings 
=====================================
[global] 

##
## Basic Server Settings
## 

	# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
	workgroup = MYGROUP 

	# server string is the equivalent of the NT Description field
	server string = Samba Server 

	# This option is important for security. It allows you to restrict
	# connections to machines which are on your local network. The
	# following example restricts access to two C class networks and
	# the "loopback" interface. For more examples of the syntax see
	# the smb.conf man page
	; hosts allow = 192.168.1. 192.168.2.0./24 192.168.3.0/255.255.255.0 
127.0.0.1
	 hosts allow = 10.53.210.32 10.53.210.31 127.0.0.1 

	# Uncomment this if you want a guest account, you must add this to 
/etc/passwd
	# otherwise the user "nobody" is used
	; guest account = pcguest 

	# this tells Samba to use a separate log file for each machine
	# that connects
	log file = /usr/local/samba/var/log.%m 

	# How much information do you want to see in the logs?
	# default is only to log critical messages
	; log level = 4 

	# Put a capping on the size of the log files (in Kb).
	max log size = 50 

	# Security mode. Most people will want user level security. See
	# security_level.txt for details.
	security = user 

	# Using the following line enables you to customise your configuration
	# on a per machine basis. The %m gets replaced with the netbios name
	# of the machine that is connecting.
	# Note: Consider carefully the location in the configuration file of
	#       this line.  The included file is read at that point.
	;   include = /usr/local/samba/lib/smb.conf.%m 

	# Most people will find that this option gives better performance.
	# See speed.txt and the manual pages for details
	# You may want to add the following on a Linux system:
	#         SO_RCVBUF=8192 SO_SNDBUF=8192
	; socket options = TCP_NODELAY 

	# Configure Samba to use multiple interfaces
	# If you have multiple network interfaces and want to limit smbd will
	# use, list the ones desired here.  Otherwise smbd & nmbd will bind to all
	# active interfaces on the system.  See the man page for details.
	;   interfaces = 192.168.12.2/24 192.168.13.2/24
	   interfaces = 10.53.208.24/24 

	# Should smbd report that it has MS-DFS Capabilities? Only available
	# if --with-msdfs was passed to ./configure
	; host msdfs = yes 

##
## Network Browsing
##
	# set local master to no if you don't want Samba to become a master
	# browser on your network. Otherwise the normal election rules apply
	; local master = no 

	# OS Level determines the precedence of this server in master browser
	# elections. The default value (20) should be reasonable
	; os level = 20 

	# Domain Master specifies Samba to be the Domain Master Browser. This
	# allows Samba to collate browse lists between subnets. Don't use this
	# if you already have a Windows NT domain controller doing this job
	; domain master = yes 

	# Preferred Master causes Samba to force a local browser election on 
startup
	# and gives it a slightly higher chance of winning the election
	; preferred master = yes 


##
## WINS & Name Resolution
##
	# Windows Internet Name Serving Support Section:
	# WINS Support - Tells the NMBD component of Samba to enable it's WINS 
Server
	; wins support = yes 

	# WINS Server - Tells the NMBD components of Samba to be a WINS Client
	#	Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
	; wins server = w.x.y.z 

	# WINS Proxy - Tells Samba to answer name resolution queries on
	# behalf of a non WINS capable client, for this to work there must be
	# at least one	WINS Server on the network. The default is NO.
	; wins proxy = yes 

	# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
	# via DNS nslookups.
	dns proxy = no 


##
## Passwords & Authentication
##
	# Use password server option only with security = server
	# The argument list may include:
	#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
	# or to auto-locate the domain controller/s
	;   password server = *
	;   password server = <NT-Server-Name> 

	# You may wish to use password encryption. Please read
	# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
	# Do not enable this option unless you have read those documents
	;  encrypt passwords = yes 

	# Should smbd obey the session and account lines in /etc/pam.d/samba ?
	# only available if --with-pam was used at compile time
	; obey pam restrictions = yes 

	# When using encrypted passwords, Samba can synchronize the local
	# UNIX password as well.  You will also need the "passwd chat" parameters
	; unix passwword sync = yes 

	# how should smbd talk to the local system when changing a UNIX
	# password?  See smb.conf(5) for details
	; passwd chat = <custom chat string> 

	# This is only available if you compiled Samba to include --with-pam
	# Use PAM for changing the password
	; pam password change = yes 

##
## Domain Control
##
	# Enable this if you want Samba act as a domain controller.
	# make sure you have read the Samba-PDC-HOWTO included in the documentation
	# before enabling this parameter
	;   domain logons = yes 

	# if you enable domain logons then you may want a per-machine or
	# per user logon script
	# run a specific logon batch file per workstation (machine)
	; logon script = %m.bat
	# run a specific logon batch file per username
	; logon script = %U.bat 

	# Where to store roving profiles (only for Win95 and WinNT)
	#        %L substitutes for this servers netbios name, %U is username
	#        You must uncomment the [Profiles] share below
	; logon path = \\%L\Profiles\%U 

	# UNC path specifying the network location of the user's home directory
	# only used when acting as a DC for WinNT/2k/XP.  Ignored by Win9x clients
	; logon home = \\%L\%U 

	# What drive should the "logon home" be mounted at upon login ?
	# only used when acting as a DC for WinNT/2k/XP.  Ignored by Win9x clients
	; logon drive = H: 

##
## Printing
## 

	# If you want to automatically load your printer list rather
	# than setting them up individually then you'll need this
	load printers = yes 

	# you may wish to override the location of the printcap file
	; printcap name = /etc/printcap 

	# on SystemV system setting printcap name to lpstat should allow
	# you to automatically obtain a printer list from the SystemV spool
	# system
	; printcap name = lpstat 

	# It should not be necessary to specify the print system type unless
	# it is non-standard. Currently supported print systems include:
	# bsd, sysv, plp, lprng, aix, hpux, qnx
	; printing = bsd 

	# Enable this to make Samba 2.2 behavior just like Samba 2.0
	# not recommended nuless you are sure of what you are doing
	; disable spoolss = yes 

	# list of users and groups which should be able to remotely manage
	# printer drivers installed on the server
	; printer admin = root, +ntadmin 


##
## Winbind
## 

	# specify the uid range which can be used by winbindd
	# to allocate uids for Windows users as necessary
	; winbind uid = 10000-65000 

	# specify the uid range which can be used by winbindd
	# to allocate uids for Windows users as necessary
	; winbind gid = 10000-65000 

	# Define a home directory to be given to passwd(5) style entries
	# generated by libnss_winbind.so.  You can use variables here
	; winbind template homedir = /home/%D/%U 

	# Specify a shell for all winbind user entries return by the
	# libnss_winbind.so library.
	; winbind template shell = /bin/sh 

	# What character should be used to separate the DOMAIN and Username
	# for a Windows user.  The default is DOMAIN\user, but many people
	# prefer DOMAIN+user
	; winbind separator = + 


#============================ Share Definitions 
============================== [homes]
    comment = Home Directories
    browseable = no
    writable = yes
    valid users = %S 

# Un-comment the following and create the netlogon directory for Domain 
Logons ; [netlogon]
;    comment = Network Logon Service
;    path = /usr/local/samba/lib/netlogon
;    guest ok = yes
;    writable = no
;    share modes = no 


# Un-comment the following to provide a specific roving profile share # the 
default is to use the user's home directory
#     comment = Home Directories
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes 


# NOTE: If you have a BSD-style print system there is no need to # 
specifically define each individual printer #[printers]
#   comment = All Printers
#   path = /usr/spool/samba
#   browseable = no
#   # Set public = yes to allow user 'guest account' to print
#   guest ok = no
#   writable = no
#   printable = yes 

# This one is useful for people to share files
#[tmp]
#   comment = Temporary file space
#   path = /tmp
#   read only = no
#   public = yes 


# MS-DFS support is only available if Samba was compiled to
# include --with-msdfs
;[dfsroot]
;   dfs root = yes 


# A publicly accessible directory, but read only, except for people in # the 
"staff" group ;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = yes
;   printable = no
;   write list = @staff 


##
## Other examples.
## 

# A private printer, usable only by fred. Spool data will be placed in 
fred's # home directory. Note that fred must have write access to the spool 
directory, # wherever it is. #[fredsprn]
#   comment = Fred's Printer
#   valid users = fred
#   path = /homes/fred
#   printer = freds_printer
#   public = no
#   writable = no
#   printable = yes 


# A private directory, usable only by fred. Note that fred requires write # 
access to the directory. #[fredsdir]
#   comment = Fred's Service
#   path = /usr/somewhere/private
#   valid users = fred
#   public = no
#   writable = yes 


# A private directory, usable only by fred. Note that fred requires write # 
access to the directory. [Assentor]
  comment = Assentor FTP Service
  path = /app/BBGMail
  valid users = letftp
  public = no
  writable = no
  printable = no 

# a service which has a different directory for each machine that connects # 
this allows you to tailor configurations to incoming machines. You could # 
also use the %U option to tailor it by user name. # The %m gets replaced 
with the machine name that is connecting. #[pchome] #  comment = PC 
Directories #  path = /usr/pc/%m #  public = no #  writable = yes 

# A publicly accessible directory, read/write to all users. Note that all 
files # created in the directory by users will be owned by the default user, 
so # any user with access can delete any other user's files. Obviously this 
# directory must be writable by the default user. Another user could of 
course # be specified, in which case all files would be owned by that user 
instead. #[public]
#   path = /usr/somewhere/else/public
#   public = yes
#   only guest = yes
#   writable = yes
#   printable = no 

# The following two entries demonstrate how to share a directory so that two 
# users can place files there that will be owned by the specific users. In 
this # setup, the directory should be writable by both users and should have 
the # sticky bit set on it to prevent abuse. Obviously this could be 
extended to # as many users as required. #[myshare]
#   comment = Mary's and Fred's stuff
#   path = /usr/somewhere/shared
#   valid users = mary fred
#   public = no
#   writable = yes
#   printable = no
#   create mask = 0765 




More information about the samba-technical mailing list