[Samba] password sync "Failed to open/create TDB passwd"
Gaiseric Vandal
gaiseric.vandal at gmail.com
Tue Jan 15 14:57:52 GMT 2008
This is working now.
- smb.conf does need the "pam password change = yes" entry.
- Samba does need to be compiled with the "--with-pam" option.
(my initial reading of the documentation had been that I only needed
it I was using plain text authentication)
- passdb.tdb may need to be rw by the Administrator account.
- And of course I needed to restart smbd (after hours.)
FYI
As part of the debugging process I created a "/usr/bin/passwd.fake"
script to capture what (if anything) is being passed by the chat
script to the passwd command, and updated the smb.conf.
passwd program = /usr/bin/passwd.fake %u
It doesn't look like smb.conf is even calling the password program any
more. And the log files don't show anymore "smbd/chgpasswd.c:"
entires.
On Jan 14, 2008 11:22 AM, Gaiseric Vandal <gaiseric.vandal at gmail.com> wrote:
> I have now tried the following
> - Upgraded from samba 3.026a to 3.028
> - Rebuilt "--with-pam" and added "pam password change = yes"
> (some posts indicated this helped)
> - Added a "root" samba account and a member of Domain Admins (to
> see if it was related to unix level file permissions.)
> - Moved the test user unix account out of nis and into the local
> /etc/passwd.
> - tried variations on the chat script.
>
> # passwd chat = New %n\n new %n\n *changed* \n
> passwd chat =*New* %n\n *new* %n\n *changed* \n
>
>
> Nothing has helped.
>
> The log files do show:
>
> [2008/01/14 09:15:17, 0] smbd/chgpasswd.c:chat_with_program(440)
>
> chat_with_program: Error: dochild() returned 0
>
>
>
> Several of the posts on google referred to password sync working under
> Samba 3.024 but then breaking when upgrading to Samab 3.027.
>
> I have set the log level to 100 to try to catch any syntax error in
> the chat script. Currently my smb.conf file includes:
>
> [global]
> workgroup = MYDOMAIN
> server string = mypdc
> passdb backend = tdbsam
> log file = /var/log/samba/%m.log
> max log size = 50
> domain logons = Yes
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> wins support = Yes
> ldap ssl = no
> cups options = raw
>
> passwd program = /usr/bin/passwd %u
> # passwd program = /usr/bin/passwd -r nis %u
> # passwd chat = *New*Password* %n\n *new*Password* %n\n *changed*
> # passwd chat = *New*Password* %n\n *Re-enter*new*Password* %n\n *changed*
> # passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\spassword\ssuccessfully\schanged*\n
> # passwd chat = New %n\n new %n\n *changed* \n
> passwd chat =*New* %n\n *new* %n\n *changed* \n
> unix password sync = Yes
> passwd chat debug = yes
> passwd chat timeout = 10
> log level = 100
> pam password change = yes
>
> dos charset = UTF8
> unix charset = UTF8
> display charset = UTF8
>
>
> File perms include
> # ls -l /usr/local/samba/private/passdb.tdb
> -rw-rw---- 1 root sysadmin 49152 Jan 14 08:56 passdb.tdb
>
> # ls -ld /usr/local/samba/var/locks
> drwxrwxr-x 5 root sysadmin 1024 Jan 14 11:20 /usr/local/samba/var/locks
>
>
> # ls -ld /usr/local/samba/var/locks/*
> total 972
> -rw------- 1 root root 8192 Jan 14 11:02 account_policy.tdb
> -rw-r--r-- 1 root root 49152 Jan 14 10:41 brlock.tdb
> -rw-r--r-- 1 root sysadmin 1440 Jan 14 11:20 browse.dat
>
>
> Thanks
>
>
>
>
>
>
> On 12 Jan 2008 13:43:00 +0100, Helmut Hullen <Hullen at t-online.de> wrote:
> > Hallo, Gaiseric,
> >
> > Du (gaiseric.vandal) meintest am 12.01.08:
> >
> >
> > >>> tdb(unnamed): tdb_open_ex: could not open file
> > >>> /usr/local/samba-3.0.26a/privat passdb.tdb: Permission denied
> >
> > >>> The passdb file does exist- and samba is running as root. I have
> > >>> a separate unix/windows account for the Domain Admin.
> >
> >
> > > Does this mean I should be changing the locale? Is this a samba or
> > > an OS setting?
> >
> >
> > Which rights has the directory, which rights has the file?
> >
> > Viele Gruesse!
> > Helmut
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
> >
>
More information about the samba
mailing list