[Samba] password sync "Failed to open/create TDB passwd" - some
progress
Adam Williams
awilliam at mdah.state.ms.us
Sat Jan 12 00:13:49 GMT 2008
Sounds like your passwd chat = line is wrong. What OS are you using? I
can give you passwd chat for Fedora and CentOS.
Gaiseric Vandal wrote:
> I made a little progress. It is partly a file permissions error.
>
>
>
> If I change the permission of /usr/local/samba/private to 660. Since
> the unix Administrator (ie. Windows Domain Administrator) is in the
> sysadmin group, this gives it read-write permissions to this file.
> Under windows, as the Domain Administrator, I can now change account
> properties such as "password never expires." (these parameters are
> apparently in the account_policy.tdb
> file, which Administrator can't access anyway.)
>
> I still can not change a user's password from Windows (with password
> sync enabled.) However now I get the following error:
>
> The following error occurred changing the properties of the user x
> Access is denied
>
> Previously I got
>
> The following error occurred changing the properties of the user x
> A device attached to the system is not functioning
>
>
> If I tail the log from the windows server as I try this.
> _samr_lookup_names: looking name on SID
> S-the-side-of-the-administrator-account
> ...
> UNIX token of user 0
>
> Primary group is 0 and contains 0 supplementary groups
>
> [2008/01/11 16:48:10, 5] smbd/uid.c:change_to_root_user(288)
>
> change_to_root_user: now uid=(0,0) gid=(0,0)
>
>
>
> So it looks like Samba verifies that the Administrator account has the
> right to read the password file but still makes changes as the root
> account.
>
> smbd is running as root. There is no samba account for root. I did
> try adding Administrator to the root group to weed out any remaining
> file permission issues.
>
>
> Thanks
>
> ---------- Forwarded message ----------
> From: Gaiseric Vandal <gaiseric.vandal at gmail.com>
> Date: Jan 10, 2008 11:27 AM
> Subject: password sync "Failed to open/create TDB passwd"
> To: Samba <samba at lists.samba.org>
>
>
> I am trying to enable unix password sync. PDC is solaris 3.026a on Solaris 9.
>
> my smb.conf file includes:
>
> [global]
> workgroup = MYDOMAIN
> server string = myserver
> passdb backend = tdbsam
>
> passwd program = /usr/bin/passwd %u
> passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
> password\ssuccessfully\schanged*\n
>
> unix password sync = Yes
> passwd chat debug = yes
> passwd chat timeout = 10
>
> dos charset = UTF8
> unix charset = UTF8
> display charset = UTF8
>
>
>
> Samba was compiled to /usr/local/samba-3.0.26a
>
> # ls -l /usr/local/samba-3.0.26a/private/passdb.tdb
> -rw------- 1 root sysadmin 49152 Jan 10 08:05 /usr/local/samba-3.0.26a/private/passdb.tdb
>
>
> Assuming password sync is disabled, password or account changes with
> smbpasswd, pdbedit, User Manager for Domains work fine. If I enable
> password sync, I can't change passwords as a user at a PC, or as an
> administrator with User Manager for Domains. (I also can't use User
> Manager for Domains to change things like "password never expires.")
>
> The samba log file of the Windows server with UsrMgr shows the following:
>
> [2008/01/10 10:50:14, 5] lib/username.c:Get_Pwnam_internals(108)
>
> Get_Pwnam_internals did find user [jsmith]
> ...
> [2008/01/10 10:50:14, 2] lib/util_tdb.c:tdb_log(662)
>
> tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba-3.0.26a/private/passdb.tdb: Permission denied
>
> [2008/01/10 10:50:14, 0] passdb/pdb_tdb.c:tdbsam_open(829)
>
> tdbsam_open: Failed to open/create TDB passwd [/usr/local/samba-3.0.26a/private/passdb.tdb]
>
>
>
>
> The passdb file does exist- and samba is running as root. I have a
> separate unix/windows account for the Domain Admin.
>