[Samba] password sync "Failed to open/create TDB passwd" - some progress

Adam Williams awilliam at mdah.state.ms.us
Sat Jan 12 01:29:14 GMT 2008


Have you seen this message?
http://www.webservertalk.com/archive217-2007-12-2249011.html

Also, googling for Solaris 9 passwd chat gets a lot of hits.  I'd 
upgrade to samba-3.0.28a and then start plugging in other people's 
passwd chats for Solaris 9 until you find one that works.


Gaiseric Vandal wrote:
> Solaris 9.
>
> my smb.conf file includes the following
>
>         passwd program =  /usr/bin/passwd %u
> #        passwd program =  /usr/bin/passwd -r nis  %u
> #       passwd chat = *New*Password* %n\n *new*Password* %n\n *changed*
> #       passwd chat = *New*Password* %n\n *Re-enter*new*Password* %n\n *changed*
> passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
> password\ssuccessfully\schanged*\n
>
>
>
> As you can see I tried a few variants.  User accounts are in NIS, but
> you don't need to explicitly specify this.
>
>
>
>
> On 1/11/08, Adam Williams <awilliam at mdah.state.ms.us> wrote:
>   
>> Sounds like your passwd chat = line is wrong.  What OS are you using?  I
>> can give you passwd chat for Fedora and CentOS.
>>
>> Gaiseric Vandal wrote:
>>     
>>> I made a little progress.  It is partly a file permissions error.
>>>
>>>
>>>
>>> If I change the permission of /usr/local/samba/private to 660.  Since
>>> the unix Administrator (ie. Windows Domain Administrator) is in the
>>> sysadmin group, this gives it read-write permissions to this file.
>>> Under windows, as the Domain Administrator, I can now change account
>>> properties such as "password never expires."    (these parameters are
>>> apparently in the account_policy.tdb file, which Administrator can't
>>> access anyway.)
>>>
>>> I still can not change a user's password  from Windows (with password
>>> sync enabled.)    However now I get the following error:
>>>
>>>     The following error occurred changing the properties of the user x
>>>     Access is denied
>>>
>>> Previously I got
>>>
>>>    The following error occurred changing the properties of the user x
>>>    A device attached to the system is not functioning
>>>
>>>
>>> If I tail the log from the windows server as I try this.
>>>      _samr_lookup_names: looking name on SID
>>> S-the-side-of-the-administrator-account
>>> ...
>>>   UNIX token of user 0
>>>
>>>   Primary group is 0 and contains 0 supplementary groups
>>>
>>> [2008/01/11 16:48:10, 5] smbd/uid.c:change_to_root_user(288)
>>>
>>>   change_to_root_user: now uid=(0,0) gid=(0,0)
>>>
>>>
>>>
>>> So it looks like Samba verifies that the Administrator account has the
>>> right to read the password file but still makes changes as the root
>>> account.
>>>
>>> smbd is running as root.  There is no samba account for root.  I did
>>> try adding Administrator to the root group to weed out any remaining
>>> file permission issues.
>>>
>>>
>>> Thanks
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: Gaiseric Vandal <gaiseric.vandal at gmail.com>
>>> Date: Jan 10, 2008 11:27 AM
>>> Subject: password sync "Failed to open/create TDB passwd"
>>> To: Samba <samba at lists.samba.org>
>>>
>>>
>>> I am trying to enable unix password sync.  PDC is solaris 3.026a on Solaris 9.
>>>
>>> my smb.conf file includes:
>>>
>>> [global]
>>>         workgroup = MYDOMAIN
>>>         server string = myserver
>>>         passdb backend = tdbsam
>>>
>>>         passwd program =  /usr/bin/passwd %u
>>>         passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
>>> password\ssuccessfully\schanged*\n
>>>
>>>         unix password sync = Yes
>>>         passwd chat debug = yes
>>>         passwd chat timeout = 10
>>>
>>>         dos charset = UTF8
>>>         unix charset = UTF8
>>>         display charset = UTF8
>>>
>>>
>>>
>>> Samba was compiled to /usr/local/samba-3.0.26a
>>>
>>> # ls -l /usr/local/samba-3.0.26a/private/passdb.tdb
>>> -rw-------   1 root     sysadmin   49152 Jan 10 08:05 /usr/local/samba-3.0.26a/private/passdb.tdb
>>>
>>>
>>> Assuming password sync is disabled, password or account  changes with
>>> smbpasswd, pdbedit, User Manager for Domains work fine.   If I enable
>>> password sync, I can't change passwords as a user at a PC, or as an
>>> administrator with User Manager for Domains.  (I also can't use User
>>> Manager for Domains to change things like "password never expires.")
>>>
>>> The samba log file of the Windows server with UsrMgr shows the following:
>>>
>>> [2008/01/10 10:50:14, 5] lib/username.c:Get_Pwnam_internals(108)
>>>   Get_Pwnam_internals did find user [jsmith]
>>> ...
>>> [2008/01/10 10:50:14, 2] lib/util_tdb.c:tdb_log(662)
>>>   tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba-3.0.26a/private/passdb.tdb: Permission denied
>>> [2008/01/10 10:50:14, 0] passdb/pdb_tdb.c:tdbsam_open(829)
>>>   tdbsam_open: Failed to open/create TDB passwd [/usr/local/samba-3.0.26a/private/passdb.tdb]
>>>
>>>
>>>
>>>
>>> The passdb file does exist-  and samba is running as root.  I have a
>>> separate unix/windows account for the Domain Admin.
>>>
>>>       
>>     
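
An added illustration, not part of the thread and not Samba's code: a simplified model of how a `passwd chat` value splits into whitespace-separated expect/send pairs, applied to two of the variants quoted above. The prompt text, the sample password, the use of `fnmatch` for `*` matching and the names `parse_chat`, `run_chat`, `SPACED` and `PACKED` are assumptions made for the example.

```python
import re
from fnmatch import fnmatchcase

# Escape macros documented for the smb.conf "passwd chat" parameter.
ESCAPES = {r"\n": "\n", r"\r": "\r", r"\t": "\t", r"\s": " "}

# The two chat values from the message. PACKED is the wrapped line joined
# with a single space, exactly as it appears in the quoted text.
SPACED = r"*New*Password* %n\n *Re-enter*new*Password* %n\n *changed*"
PACKED = (r"*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s "
          r"password\ssuccessfully\schanged*\n")

# Constructed prompts standing in for what the passwd program prints.
PROMPTS = ["New Password: ", "Re-enter new Password: ",
           "passwd: password successfully changed for jsmith\n"]


def parse_chat(chat, new_password):
    """Split a passwd chat value into (expect, send) pairs."""
    # Whitespace separates tokens; double quotes group a token with spaces.
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', chat)]
    tokens = [re.sub(r"\\[nrts]", lambda m: ESCAPES[m.group(0)], t)
              .replace("%n", new_password) for t in tokens]
    if len(tokens) % 2:            # a trailing expect has nothing to send
        tokens.append(".")
    return list(zip(tokens[0::2], tokens[1::2]))


def run_chat(pairs, prompts):
    """Walk the pairs against the prompts; return (completed, strings_sent)."""
    sent, pending = [], list(prompts)
    for expect, send in pairs:
        if expect != ".":          # "." means expect nothing
            # Approximation: shell-style wildcard match on the trimmed prompt.
            if not pending or not fnmatchcase(pending.pop(0).strip(), expect):
                return False, sent
        if send != ".":            # "." means send nothing
            sent.append(send)
    return True, sent


if __name__ == "__main__":
    for name, chat in (("SPACED", SPACED), ("PACKED", PACKED)):
        pairs = parse_chat(chat, "Tr1al-pass")
        print(name, len(pairs), "pair(s):", run_chat(pairs, PROMPTS))
```

In this model the space-separated variant yields three pairs and answers both prompts, while the `\s`-only variant collapses into one long expect pattern that the first prompt cannot satisfy, so nothing is ever sent.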


