[Samba] password sync "Failed to open/create TDB passwd" - some progress

Gaiseric Vandal gaiseric.vandal at gmail.com
Sat Jan 12 00:27:41 GMT 2008 

Solaris 9.

my smb.conf file includes the following

        passwd program =  /usr/bin/passwd %u
#        passwd program =  /usr/bin/passwd -r nis  %u
#       passwd chat = *New*Password* %n\n *new*Password* %n\n *changed*
#       passwd chat = *New*Password* %n\n *Re-enter*new*Password* %n\n *changed*
passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
password\ssuccessfully\schanged*\n



As you can see I tried a few variants.  User accounts are in NIS, but
you don't need to explicitly specify this.




On 1/11/08, Adam Williams <awilliam at mdah.state.ms.us> wrote:
> sounds like your passwd chat = line is wrong.  what OS are you using?  I
> can give you passwd chat for Fedora and CentOS
>
> Gaiseric Vandal wrote:
> > I made a little progress.  It is partly a file permissions error.
> >
> >
> >
> > If I change the permission of /usr/local/samba/private to 660.  Since
> > the unix Administrator (ie. Windows Domain Administrator) is in the
> > sysadmin group, this gives it read-write permissions to this file.
> > Under windows, as the Domain Administrator, I can now change account
> > properties such as "password never expires."    (these parameters are
> > apparently in tje account_policy.tdb
> >  file, which Administrator can't access anyway.)
> >
> > I still can not change a user's password  from Windows (with password
> > sync enabled.)    However now I get the following error:
> >
> >     The following error occured changing the properties of the user x
> >     Acess is denied
> >
> > Previously I got
> >
> >    The following error occured changing the properties of the user x
> >    A device attached to the system is not functioning
> >
> >
> > If I tail the log from the windows server as I try this.
> >      _samr_lookup_names: looking name on SID
> > S-the-side-of-the-administrator-account
> > ...
> >   UNIX token of user 0
> >
> >   Primary group is 0 and contains 0 supplementary groups
> >
> > [2008/01/11 16:48:10, 5] smbd/uid.c:change_to_root_user(288)
> >
> >   change_to_root_user: now uid=(0,0) gid=(0,0)
> >
> >
> >
> > So it looks like Samba verifies that the Administrator account has the
> > right to read the password file but still makes changes as the root
> > account.
> >
> > smbd is running as root.  There is no samba account for root.  I did
> > try adding Administrator to the root group to weed out any remaining
> > file permission issues.
> >
> >
> > Thanks
> >
> >
> >
> >
> >
> >
> >
> > ---------- Forwarded message ----------
> > From: Gaiseric Vandal <gaiseric.vandal at gmail.com>
> > Date: Jan 10, 2008 11:27 AM
> > Subject: password sync "Failed to open/create TDB passwd"
> > To: Samba <samba at lists.samba.org>
> >
> >
> > I am trying to enable unix password sync.  PDC is solaris 3.026a on Solaris 9.
> >
> > my smb.conf file includes:
> >
> > [global]
> >         workgroup = MYDOMAIN
> >         server string = myserver
> >         passdb backend = tdbsam
> >
> >         passwd program =  /usr/bin/passwd %u
> >         passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
> > password\ssuccessfully\schanged*\n
> >
> >         unix password sync = Yes
> >         passwd chat debug = yes
> >         passwd chat timeout = 10
> >
> >         dos charset = UTF8
> >         unix charset = UTF8
> >         display charset = UTF8
> >
> >
> >
> > Samba was compiled to /usr/local/samba-3.0.26a
> >
> > # ls -l /usr/local/samba-3.0.26a/private/passdb.tdb
> > -rw-------   1 root     sysadmin   49152 Jan 10 08:05
> > /usr/local/samba-3.0.26a/private/passdb.tdb
> >
> >
> > Assuming password sync is disabled, password or account  changes with
> > smbpasswd, pdbedit, User Manager for Domains work fine.   If I enable
> > password sync, I can't change passwords as a user at a PC, or as an
> > administrator with User Manager for Domains.  (I also can't use User
> > Manager for Domains to change things like "password never expires."
> >
> > The samba log file of the Windows server with UsrMgr shows the following:
> >
> > [2008/01/10 10:50:14, 5] lib/username.c:Get_Pwnam_internals(108)
> >
> >   Get_Pwnam_internals did find user [jsmith]
> > ...
> > [2008/01/10 10:50:14, 2] lib/util_tdb.c:tdb_log(662)
> >
> >   tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba-3.0.26a/privat
> > e/passdb.tdb: Permission denied
> >
> > [2008/01/10 10:50:14, 0] passdb/pdb_tdb.c:tdbsam_open(829)
> >
> >   tdbsam_open: Failed to open/create TDB passwd [/usr/local/samba-3.0.26a/privat
> > e/passdb.tdb]
> >
> >
> >
> >
> > The passdb file does exist-  and samba is running as root.  I have a
> > separate unix/windows account for the Domain Admin.
> >
>
>

More information about the samba mailing list