[Samba] password sync "Failed to open/create TDB passwd" - some
progress
Gaiseric Vandal
gaiseric.vandal at gmail.com
Sat Jan 12 00:27:41 GMT 2008
Solaris 9.
my smb.conf file includes the following
passwd program = /usr/bin/passwd %u
# passwd program = /usr/bin/passwd -r nis %u
# passwd chat = *New*Password* %n\n *new*Password* %n\n *changed*
# passwd chat = *New*Password* %n\n *Re-enter*new*Password* %n\n *changed*
passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
password\ssuccessfully\schanged*\n
As you can see I tried a few variants. User accounts are in NIS, but
you don't need to explicitly specify this.
On 1/11/08, Adam Williams <awilliam at mdah.state.ms.us> wrote:
> sounds like your passwd chat = line is wrong. what OS are you using? I
> can give you passwd chat for Fedora and CentOS
>
> Gaiseric Vandal wrote:
> > I made a little progress. It is partly a file permissions error.
> >
> >
> >
> > If I change the permission of /usr/local/samba/private to 660. Since
> > the unix Administrator (ie. Windows Domain Administrator) is in the
> > sysadmin group, this gives it read-write permissions to this file.
> > Under windows, as the Domain Administrator, I can now change account
> > properties such as "password never expires." (these parameters are
> > apparently in tje account_policy.tdb
> > file, which Administrator can't access anyway.)
> >
> > I still can not change a user's password from Windows (with password
> > sync enabled.) However now I get the following error:
> >
> > The following error occured changing the properties of the user x
> > Acess is denied
> >
> > Previously I got
> >
> > The following error occured changing the properties of the user x
> > A device attached to the system is not functioning
> >
> >
> > If I tail the log from the windows server as I try this.
> > _samr_lookup_names: looking name on SID
> > S-the-side-of-the-administrator-account
> > ...
> > UNIX token of user 0
> >
> > Primary group is 0 and contains 0 supplementary groups
> >
> > [2008/01/11 16:48:10, 5] smbd/uid.c:change_to_root_user(288)
> >
> > change_to_root_user: now uid=(0,0) gid=(0,0)
> >
> >
> >
> > So it looks like Samba verifies that the Administrator account has the
> > right to read the password file but still makes changes as the root
> > account.
> >
> > smbd is running as root. There is no samba account for root. I did
> > try adding Administrator to the root group to weed out any remaining
> > file permission issues.
> >
> >
> > Thanks
> >
> >
> >
> >
> >
> >
> >
> > ---------- Forwarded message ----------
> > From: Gaiseric Vandal <gaiseric.vandal at gmail.com>
> > Date: Jan 10, 2008 11:27 AM
> > Subject: password sync "Failed to open/create TDB passwd"
> > To: Samba <samba at lists.samba.org>
> >
> >
> > I am trying to enable unix password sync. PDC is solaris 3.026a on Solaris 9.
> >
> > my smb.conf file includes:
> >
> > [global]
> > workgroup = MYDOMAIN
> > server string = myserver
> > passdb backend = tdbsam
> >
> > passwd program = /usr/bin/passwd %u
> > passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
> > password\ssuccessfully\schanged*\n
> >
> > unix password sync = Yes
> > passwd chat debug = yes
> > passwd chat timeout = 10
> >
> > dos charset = UTF8
> > unix charset = UTF8
> > display charset = UTF8
> >
> >
> >
> > Samba was compiled to /usr/local/samba-3.0.26a
> >
> > # ls -l /usr/local/samba-3.0.26a/private/passdb.tdb
> > -rw------- 1 root sysadmin 49152 Jan 10 08:05
> > /usr/local/samba-3.0.26a/private/passdb.tdb
> >
> >
> > Assuming password sync is disabled, password or account changes with
> > smbpasswd, pdbedit, User Manager for Domains work fine. If I enable
> > password sync, I can't change passwords as a user at a PC, or as an
> > administrator with User Manager for Domains. (I also can't use User
> > Manager for Domains to change things like "password never expires."
> >
> > The samba log file of the Windows server with UsrMgr shows the following:
> >
> > [2008/01/10 10:50:14, 5] lib/username.c:Get_Pwnam_internals(108)
> >
> > Get_Pwnam_internals did find user [jsmith]
> > ...
> > [2008/01/10 10:50:14, 2] lib/util_tdb.c:tdb_log(662)
> >
> > tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba-3.0.26a/privat
> > e/passdb.tdb: Permission denied
> >
> > [2008/01/10 10:50:14, 0] passdb/pdb_tdb.c:tdbsam_open(829)
> >
> > tdbsam_open: Failed to open/create TDB passwd [/usr/local/samba-3.0.26a/privat
> > e/passdb.tdb]
> >
> >
> >
> >
> > The passdb file does exist- and samba is running as root. I have a
> > separate unix/windows account for the Domain Admin.
> >
>
>
More information about the samba
mailing list