should lack of secrets.tdb prevent smbd from starting?

Christian, Mark mark.christian at
Fri Feb 5 17:44:26 UTC 2021

I use samba to provide access to file shares over cifs/smb. I have non-
samba processes to manage host keytabs and user/group mappings. My
smb.conf "security = ads" configuration seems to work as intended, but
only if I ensure a "generic" secrets.tdb file exists, otherwise smbd
will refuse to start. My assumption is that as long as the AD computer
object associated with the samba cifs SPNs doesn't have it's password
changed, my samba service will continue to work. Am I mistaken? Since I
manage the samba computer object and keytab outside of net ads, why do
I need secrets.tdb, and must lack of this file prevent smbd from


More information about the samba-technical mailing list