security = domain still requires smbpasswd

Timothy Demarest demarest at arraycomm.com
Fri Feb 19 01:49:31 GMT 1999


Hello:

We are successfully using Samba 2.0.2 under SunOS 4.1.3 (no comments
please) and Solaris 2.5.1. Our upgrade from a very old version (1.9.16p10)
went without a hitch. When we moved to 2.0.2, we switched our security to
"domain" and began using out NT Server (4.0 SP3) as the password
server.

This all works great--PC clients running a variety of Windows 95 versions
as well as Windows NT Workstation mount the samba shares with no
problems. However, I periodically see the following message in the log
files (I trimmed the date/time stamp and machine name):

smbd[3837]: [1999/02/18 09:11:26, 0] passdb/smbpass.c:startsmbfilepwent(50)
smbd[3837]:   startsmbfilepwent: unable to open file 
/opt/local/samba/2.0/private/smbpasswd
smbd[3837]: [1999/02/18 09:11:26, 0] passdb/passdb.c:iterate_getsmbpwnam(147)
smbd[3837]:   unable to open smb password database.
smbd[3837]: [1999/02/18 09:11:26, 0] smbd/reply.c:reply_sesssetup_and_X(771)
smbd[3837]:   NT Password did not match ! Defaulting to Lanman
smbd[3837]: [1999/02/18 09:11:26, 0] passdb/smbpass.c:startsmbfilepwent(50)
smbd[3837]:   startsmbfilepwent: unable to open file 
/opt/local/samba/2.0/private/smbpasswd
smbd[3837]: [1999/02/18 09:11:26, 0] passdb/passdb.c:iterate_getsmbpwnam(147)
smbd[3837]:   unable to open smb password database.

This does not affect the user's ability to mount shares--everything
works. I have no smbpasswd file because I was under the assumption that
using the PDC to authenticate obviates the need for the smbpasswd
file. What I have done is create a link to ./private/smbpasswd ->
/dev/null, which has at least stopped the messages from clouding up the
logs.

Since I thought the symlink option was inelegant , I attemped to set the
"smb passwd file" option in smb.conf to /dev/null. This was a bad, bad
thing to do as:

- /dev/null automatically had its permission changed to 600
- I started getting all sorts of errors in the logs:

smbd[4499]: [1999/02/18 16:59:54, 0]
passdb/smbpassfile.c:trust_password_lock(121) 
smbd[4499]:   trust_password_lock: cannot open file /dev/SJACOM.CLEM.mac -
Error was No such file or directory. 
smbd[4499]: [1999/02/18 16:59:54, 0]
passdb/smbpassfile.c:trust_get_passwd(290) 
smbd[4499]:   domain_client_validate: unable to open the machine account
password file for machine CLEM in domain SJACOM.


For obvious reasons, I reverted the smb.conf file so that there was no "smb
passwd file" option and just recreated the symlink.

My questions are:

- What is the proper way when using domain security to turn off checking
for the smbpasswd file?

- Why did setting the "smb passwd file" option in smb.conf "break"
/dev/null and.or why didnt this work as expected?

Any input is greatly appreciated.

--
Timothy Demarest                      ArrayComm, Inc.
demarest at arraycomm.com                3141 Zanker Road
http://www.arraycomm.com              San Jose, CA 95134




More information about the samba mailing list