[Samba] password sync "Failed to open/create TDB passwd"

Gaiseric Vandal gaiseric.vandal at gmail.com
Tue Jan 15 14:57:52 GMT 2008


This is working now.

  - smb.conf does need the "pam password change = yes" entry.
  - Samba does need to be compiled with the "--with-pam" option.
    (My initial reading of the documentation had been that I only needed
    it if I was using plain text authentication.)
  - passdb.tdb may need to be rw by the Administrator account.
  - And of course I needed to restart smbd (after hours).


FYI

As part of the debugging process I created a "/usr/bin/passwd.fake"
script to capture what (if anything) is being passed by the chat
script to the passwd command, and updated the smb.conf.

           passwd program =  /usr/bin/passwd.fake %u


It doesn't look like smb.conf is even calling the password program any
more. And the log files don't show any more "smbd/chgpasswd.c:"
entries.






On Jan 14, 2008 11:22 AM, Gaiseric Vandal <gaiseric.vandal at gmail.com> wrote:
> I have now tried the following
>   -   Upgraded from samba 3.026a to 3.028
>   -   Rebuilt  "--with-pam" and added "pam password change = yes"
> (some posts indicated this helped)
>   -   Added a "root" samba account and a member of Domain Admins (to
> see if it was related to unix level file permissions.)
>   -   Moved the test user unix  account out of nis and into the local
> /etc/passwd.
>   -   tried variations on the chat script.
>
> #        passwd chat = New %n\n new %n\n *changed* \n
>          passwd chat =*New* %n\n *new* %n\n *changed* \n
>
>
> Nothing has helped.
>
> The log files do show:
>
> [2008/01/14 09:15:17, 0] smbd/chgpasswd.c:chat_with_program(440)
>
>   chat_with_program: Error: dochild() returned 0
>
>
>
> Several of the posts on google referred to password sync working under
> Samba 3.024 but then breaking when upgrading to Samba 3.027.
>
> I have set the log level to 100 to try to catch any syntax error in
> the chat script.    Currently my smb.conf file includes:
>
> [global]
>         workgroup = MYDOMAIN
>         server string = mypdc
>         passdb backend = tdbsam
>         log file = /var/log/samba/%m.log
>         max log size = 50
>         domain logons = Yes
>         preferred master = Yes
>         domain master = Yes
>         dns proxy = No
>         wins support = Yes
>         ldap ssl = no
>         cups options = raw
>
>         passwd program =  /usr/bin/passwd %u
> #        passwd program =  /usr/bin/passwd -r nis  %u
> #       passwd chat = *New*Password* %n\n *new*Password* %n\n *changed*
> #       passwd chat = *New*Password* %n\n *Re-enter*new*Password* %n\n *changed*
> #       passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\spassword\ssuccessfully\schanged*\n
> #        passwd chat = New %n\n new %n\n *changed* \n
>          passwd chat =*New* %n\n *new* %n\n *changed* \n
>         unix password sync = Yes
>         passwd chat debug = yes
>         passwd chat timeout = 10
>         log level = 100
>         pam password change = yes
>
>         dos charset = UTF8
>         unix charset = UTF8
>         display charset = UTF8
>
>
> File perms include
> # ls -l /usr/local/samba/private/passdb.tdb
> -rw-rw----   1 root     sysadmin   49152 Jan 14 08:56 passdb.tdb
>
> # ls -ld /usr/local/samba/var/locks
> drwxrwxr-x   5 root     sysadmin    1024 Jan 14 11:20 /usr/local/samba/var/locks
>
>
> # ls -ld /usr/local/samba/var/locks/*
> total 972
> -rw-------   1 root     root        8192 Jan 14 11:02 account_policy.tdb
> -rw-r--r--   1 root     root       49152 Jan 14 10:41 brlock.tdb
> -rw-r--r--   1 root     sysadmin    1440 Jan 14 11:20 browse.dat
>
>
> Thanks
>
>
>
>
>
>
> On 12 Jan 2008 13:43:00 +0100, Helmut Hullen <Hullen at t-online.de> wrote:
> > Hello, Gaiseric,
> >
> > You (gaiseric.vandal) wrote on 12.01.08:
> >
> >
> > >>>   tdb(unnamed): tdb_open_ex: could not open file
> > >>>   /usr/local/samba-3.0.26a/privat passdb.tdb: Permission denied
> >
> > >>> The passdb file does exist-  and samba is running as root.  I have
> > >>> a separate unix/windows account for the Domain Admin.
> >
> >
> > > Does this mean I should be changing the locale?  Is this a samba or
> > > an OS setting?
> >
> >
> > Which rights has the directory, which rights has the file?
> >
> > Best regards!
> > Helmut
> >
>
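
An added example, not part of the original post or Samba's own code: a small Python audit of the password-sync settings from the [global] section quoted in the thread. Per the smb.conf manual, "pam password change = yes" makes smbd use PAM instead of the passwd program, and "passwd chat debug" writes the chat, passwords included, to the smbd log, so it is a setting to turn off once sync works. The function names and the log-level threshold are assumptions.

```python
import re

# Constructed sample: the password-sync lines of the [global] section quoted in the thread.
SAMPLE_SMB_CONF = r"""[global]
        passwd program =  /usr/bin/passwd %u
#        passwd program =  /usr/bin/passwd -r nis  %u
         passwd chat =*New* %n\n *new* %n\n *changed* \n
        unix password sync = Yes
        passwd chat debug = yes
        log level = 100
        pam password change = yes
"""

def norm(name):
    """smb.conf ignores case and whitespace in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized parameter: value} for the [global] section."""
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = norm(header.group(1))
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def is_on(params, name):
    return params.get(norm(name), "no").lower() in ("yes", "true", "1")

def audit(text):  # hypothetical helper: findings about the password-sync settings
    p, findings = parse_global(text), []
    if not is_on(p, "unix password sync"):
        return findings
    if is_on(p, "pam password change"):
        findings.append("pam: changes go through PAM; passwd program/chat are not used")
    elif norm("passwd program") not in p:
        findings.append("sync: unix password sync is on but no passwd program is set")
    if is_on(p, "passwd chat debug"):
        findings.append("debug: passwd chat debug is on; it logs the chat, passwords included")
    level = re.match(r"\d+", p.get("loglevel", "0"))
    if level and int(level.group()) > 3:     # assumed threshold for a debugging level
        findings.append("loglevel: debugging log level %s left enabled" % level.group())
    return findings
```
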

