Failed to open /usr/local/samba/private/secrets.tdb
Gerald (Jerry) Carter
jerry at samba.org
Fri Oct 18 13:52:59 GMT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Steve,
Please post general use questions to the samba at samba.org
list (see http://lists.samba.org/listinfo/samba for details).
The samba-technical mailing is for discussions of Samba
internals and development issues. Thanks.
btw....make sure that the /usr/local/samba/private/ directory
exists.
cheers, jerry
On Thu, 17 Oct 2002 steve at hastingsfamily.com wrote:
> All,
>
> TIA, I have a feeling this is a question everyone knows the answer to but
> me, why do I keep getting the message:
>
> Failed to open /usr/local/samba/private/secrets.tdb
>
> Solaris 8 02/02 release. private/secrets.tdb does not exist, and
> /usr/local/samba is root:other ownership. /etc/init.d/samba.server start
> will start smbd and nmbd, nbtstat shows the share, but I can't create any
> samba users. smb.conf and smb.log at bottom.
>
> When I run:
>
> #smbpasswd -a root
> Failed to open /usr/local/samba/private/secrets.tdb
> New SMB password:
> Retype new SMB password:
> unable to open passdb database.
> startsmbfilepwent_internal: too many race conditions creating file
> /usr/local/samba/private/smbpasswd
> add_smbfilepwd_entry: unable to open file.
> Failed to add entry for user root.
> Failed to modify password entry for user root
> #
>
>
> This is created:
>
>
> Copyright Andrew Tridgell and the Samba Team 1992-2002 [2002/10/16 11:41:56,
> 0] passdb/secrets.c:secrets_init(43)
> Failed to open /usr/local/samba/private/secrets.tdb
> [2002/10/16 11:41:57, 0] passdb/machine_sid.c:pdb_generate_sam_sid(163)
> pdb_generate_sam_sid: Failed to store generated machine SID. [2002/10/16
> 11:41:57, 0] smbd/server.c:main(793)
> ERROR: Samba cannot create a SAM SID.
> [2002/10/16 11:43:31, 0] smbd/server.c:main(707)
> smbd version 2.2.5 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2002 [2002/10/16
> 11:43:31, 0] passdb/secrets.c:secrets_init(43)
> Failed to open /usr/local/samba/private/secrets.tdb
> [2002/10/16 11:43:31, 0] passdb/machine_sid.c:pdb_generate_sam_sid(163)
> pdb_generate_sam_sid: Failed to store generated machine SID. [2002/10/16
> 11:43:31, 0] smbd/server.c:main(793)
> ERROR: Samba cannot create a SAM SID.
>
> ---------------------------------------------
>
> smb.conf
>
> -------------------------------------------------
>
>
> # This is the main Samba configuration file. You should read the #
> smb.conf(5) manual page in order to understand the options listed # here.
> Samba has a huge number of configurable options (perhaps too # many!) most
> of which are not shown in this example # # Any line which starts with a ;
> (semi-colon) or a # (hash) # is a comment and is ignored. In this example we
> will use a # # for commentry and a ; for parts of the config file that you #
> may wish to enable # # NOTE: Whenever you modify this file you should run
> the command "testparm" # to check that you have not many any basic syntactic
> errors. # #======================= Global Settings
> =====================================
> [global]
>
> ##
> ## Basic Server Settings
> ##
>
> # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
> workgroup = MYGROUP
>
> # server string is the equivalent of the NT Description field
> server string = Samba Server
>
> # This option is important for security. It allows you to restrict
> # connections to machines which are on your local network. The
> # following example restricts access to two C class networks and
> # the "loopback" interface. For more examples of the syntax see
> # the smb.conf man page
> ; hosts allow = 192.168.1. 192.168.2.0./24 192.168.3.0/255.255.255.0
> 127.0.0.1
> hosts allow = 10.53.210.32 10.53.210.31 127.0.0.1
>
> # Uncomment this if you want a guest account, you must add this to
> /etc/passwd
> # otherwise the user "nobody" is used
> ; guest account = pcguest
>
> # this tells Samba to use a separate log file for each machine
> # that connects
> log file = /usr/local/samba/var/log.%m
>
> # How much information do you want to see in the logs?
> # default is only to log critical messages
> ; log level = 4
>
> # Put a capping on the size of the log files (in Kb).
> max log size = 50
>
> # Security mode. Most people will want user level security. See
> # security_level.txt for details.
> security = user
>
> # Using the following line enables you to customise your configuration
> # on a per machine basis. The %m gets replaced with the netbios name
> # of the machine that is connecting.
> # Note: Consider carefully the location in the configuration file of
> # this line. The included file is read at that point.
> ; include = /usr/local/samba/lib/smb.conf.%m
>
> # Most people will find that this option gives better performance.
> # See speed.txt and the manual pages for details
> # You may want to add the following on a Linux system:
> # SO_RCVBUF=8192 SO_SNDBUF=8192
> ; socket options = TCP_NODELAY
>
> # Configure Samba to use multiple interfaces
> # If you have multiple network interfaces and want to limit smbd will
> # use, list the ones desired here. Otherwise smbd & nmbd will bind to all
> # active interfaces on the system. See the man page for details.
> ; interfaces = 192.168.12.2/24 192.168.13.2/24
> interfaces = 10.53.208.24/24
>
> # Should smbd report that it has MS-DFS Capabilities? Only available
> # if --with-msdfs was passed to ./configure
> ; host msdfs = yes
>
> ##
> ## Network Browsing
> ##
> # set local master to no if you don't want Samba to become a master
> # browser on your network. Otherwise the normal election rules apply
> ; local master = no
>
> # OS Level determines the precedence of this server in master browser
> # elections. The default value (20) should be reasonable
> ; os level = 20
>
> # Domain Master specifies Samba to be the Domain Master Browser. This
> # allows Samba to collate browse lists between subnets. Don't use this
> # if you already have a Windows NT domain controller doing this job
> ; domain master = yes
>
> # Preferred Master causes Samba to force a local browser election on
> startup
> # and gives it a slightly higher chance of winning the election
> ; preferred master = yes
>
>
> ##
> ## WINS & Name Resolution
> ##
> # Windows Internet Name Serving Support Section:
> # WINS Support - Tells the NMBD component of Samba to enable it's WINS
> Server
> ; wins support = yes
>
> # WINS Server - Tells the NMBD components of Samba to be a WINS Client
> # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
> ; wins server = w.x.y.z
>
> # WINS Proxy - Tells Samba to answer name resolution queries on
> # behalf of a non WINS capable client, for this to work there must be
> # at least one WINS Server on the network. The default is NO.
> ; wins proxy = yes
>
> # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
> # via DNS nslookups.
> dns proxy = no
>
>
> ##
> ## Passwords & Authentication
> ##
> # Use password server option only with security = server
> # The argument list may include:
> # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> # or to auto-locate the domain controller/s
> ; password server = *
> ; password server = <NT-Server-Name>
>
> # You may wish to use password encryption. Please read
> # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
> # Do not enable this option unless you have read those documents
> ; encrypt passwords = yes
>
> # Should smbd obey the session and account lines in /etc/pam.d/samba ?
> # only available if --with-pam was used at compile time
> ; obey pam restrictions = yes
>
> # When using encrypted passwords, Samba can synchronize the local
> # UNIX password as well. You will also need the "passwd chat" parameters
> ; unix passwword sync = yes
>
> # how should smbd talk to the local system when changing a UNIX
> # password? See smb.conf(5) for details
> ; passwd chat = <custom chat string>
>
> # This is only available if you compiled Samba to include --with-pam
> # Use PAM for changing the password
> ; pam password change = yes
>
> ##
> ## Domain Control
> ##
> # Enable this if you want Samba act as a domain controller.
> # make sure you have read the Samba-PDC-HOWTO included in the documentation
> # before enabling this parameter
> ; domain logons = yes
>
> # if you enable domain logons then you may want a per-machine or
> # per user logon script
> # run a specific logon batch file per workstation (machine)
> ; logon script = %m.bat
> # run a specific logon batch file per username
> ; logon script = %U.bat
>
> # Where to store roving profiles (only for Win95 and WinNT)
> # %L substitutes for this servers netbios name, %U is username
> # You must uncomment the [Profiles] share below
> ; logon path = \\%L\Profiles\%U
>
> # UNC path specifying the network location of the user's home directory
> # only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients
> ; logon home = \\%L\%U
>
> # What drive should the "logon home" be mounted at upon login ?
> # only used when acting as a DC for WinNT/2k/XP. Ignored by Win9x clients
> ; logon drive = H:
>
> ##
> ## Printing
> ##
>
> # If you want to automatically load your printer list rather
> # than setting them up individually then you'll need this
> load printers = yes
>
> # you may wish to override the location of the printcap file
> ; printcap name = /etc/printcap
>
> # on SystemV system setting printcap name to lpstat should allow
> # you to automatically obtain a printer list from the SystemV spool
> # system
> ; printcap name = lpstat
>
> # It should not be necessary to specify the print system type unless
> # it is non-standard. Currently supported print systems include:
> # bsd, sysv, plp, lprng, aix, hpux, qnx
> ; printing = bsd
>
> # Enable this to make Samba 2.2 behavior just like Samba 2.0
> # not recommended nuless you are sure of what you are doing
> ; disable spoolss = yes
>
> # list of users and groups which should be able to remotely manage
> # printer drivers installed on the server
> ; printer admin = root, +ntadmin
>
>
> ##
> ## Winbind
> ##
>
> # specify the uid range which can be used by winbindd
> # to allocate uids for Windows users as necessary
> ; winbind uid = 10000-65000
>
> # specify the uid range which can be used by winbindd
> # to allocate uids for Windows users as necessary
> ; winbind gid = 10000-65000
>
> # Define a home directory to be given to passwd(5) style entries
> # generated by libnss_winbind.so. You can use variables here
> ; winbind template homedir = /home/%D/%U
>
> # Specify a shell for all winbind user entries return by the
> # libnss_winbind.so library.
> ; winbind template shell = /bin/sh
>
> # What character should be used to separate the DOMAIN and Username
> # for a Windows user. The default is DOMAIN\user, but many people
> # prefer DOMAIN+user
> ; winbind separator = +
>
>
> #============================ Share Definitions
> ============================== [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> valid users = %S
>
> # Un-comment the following and create the netlogon directory for Domain
> Logons ; [netlogon]
> ; comment = Network Logon Service
> ; path = /usr/local/samba/lib/netlogon
> ; guest ok = yes
> ; writable = no
> ; share modes = no
>
>
> # Un-comment the following to provide a specific roving profile share # the
> default is to use the user's home directory
> # comment = Home Directories
> ;[Profiles]
> ; path = /usr/local/samba/profiles
> ; browseable = no
> ; guest ok = yes
>
>
> # NOTE: If you have a BSD-style print system there is no need to #
> specifically define each individual printer #[printers]
> # comment = All Printers
> # path = /usr/spool/samba
> # browseable = no
> # # Set public = yes to allow user 'guest account' to print
> # guest ok = no
> # writable = no
> # printable = yes
>
> # This one is useful for people to share files
> #[tmp]
> # comment = Temporary file space
> # path = /tmp
> # read only = no
> # public = yes
>
>
> # MS-DFS support is only available if Samba was compiled to
> # include --with-msdfs
> ;[dfsroot]
> ; dfs root = yes
>
>
> # A publicly accessible directory, but read only, except for people in # the
> "staff" group ;[public]
> ; comment = Public Stuff
> ; path = /home/samba
> ; public = yes
> ; writable = yes
> ; printable = no
> ; write list = @staff
>
>
> ##
> ## Other examples.
> ##
>
> # A private printer, usable only by fred. Spool data will be placed in
> fred's # home directory. Note that fred must have write access to the spool
> directory, # wherever it is. #[fredsprn]
> # comment = Fred's Printer
> # valid users = fred
> # path = /homes/fred
> # printer = freds_printer
> # public = no
> # writable = no
> # printable = yes
>
>
> # A private directory, usable only by fred. Note that fred requires write #
> access to the directory. #[fredsdir]
> # comment = Fred's Service
> # path = /usr/somewhere/private
> # valid users = fred
> # public = no
> # writable = yes
>
>
> # A private directory, usable only by fred. Note that fred requires write #
> access to the directory. [Assentor]
> comment = Assentor FTP Service
> path = /app/BBGMail
> valid users = letftp
> public = no
> writable = no
> printable = no
>
> # a service which has a different directory for each machine that connects #
> this allows you to tailor configurations to incoming machines. You could #
> also use the %U option to tailor it by user name. # The %m gets replaced
> with the machine name that is connecting. #[pchome] # comment = PC
> Directories # path = /usr/pc/%m # public = no # writable = yes
>
> # A publicly accessible directory, read/write to all users. Note that all
> files # created in the directory by users will be owned by the default user,
> so # any user with access can delete any other user's files. Obviously this
> # directory must be writable by the default user. Another user could of
> course # be specified, in which case all files would be owned by that user
> instead. #[public]
> # path = /usr/somewhere/else/public
> # public = yes
> # only guest = yes
> # writable = yes
> # printable = no
>
> # The following two entries demonstrate how to share a directory so that two
> # users can place files there that will be owned by the specific users. In
> this # setup, the directory should be writable by both users and should have
> the # sticky bit set on it to prevent abuse. Obviously this could be
> extended to # as many users as required. #[myshare]
> # comment = Mary's and Fred's stuff
> # path = /usr/somewhere/shared
> # valid users = mary fred
> # public = no
> # writable = yes
> # printable = no
> # create mask = 0765
>
- --
---------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
ISBN 0-672-32269-2 "SAMS Teach Yourself Samba in 24 Hours" 2ed
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE9sBGjIR7qMdg1EfYRAmyWAKDwCQ79lDulwqXLYV6CCnUTfP0pWQCgoN0K
/RlBhXqVqnf/t0UO1hSB3fI=
=WY9s
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list