[Samba] Problems with tdb-database after migration from Debian-Samba-3.2.5-4lenny6 to Samba-3.2.5-4lenny7

Heinz Allerberger allerberger at em.uni-frankfurt.de
Wed Nov 4 09:32:07 MST 2009

Hi there ...

I have a problem with my tdb-database after I've migrated from Debian-Samba-3.2.5-4lenny6 to Samba-3.2.5-4lenny7.
All the old directories /etc/samba with the smb.conf and /var/lib/samba with the tdb-database has been hold.

Now I've inexplicable effects with my tdb-database.
- I cannot list my admin - user, which is the domain-administrator, in my passwd.tdb.
- I cannot attach any longer WindowsWorkstations to my domain.

1.) My samba-version:
myserver1:~# apt-cache policy samba
  Installiert: 2:3.2.5-4lenny7

2.)Problem with pdbedit -L :
myserver1:~# pdbedit -L | grep admin
>>> You see, there is nothing....

3.) But pdbedit -u admin -v is successful:
myserver1:/etc/samba# pdbedit -u admin -v    
Unix username:        admin
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-1656000120-2433418590-619812953-500
Primary Group SID:    S-1-5-21-1656000120-2433418590-619812953-513
Full Name:            
Home Directory:       \\myserver1\admin\win
HomeDir Drive:        U:
Logon Script:         logon.cmd
Profile Path:         \\myserver1\profiles\admin
Domain:               MYDOMAIN
Account desc:         
Munged dial:          
Logon time:           0
Logoff time:          never
Kickoff time:         0
Password last set:    Mi, 06 Aug 2008 10:19:23 CEST
Password can change:  Mi, 06 Aug 2008 10:19:23 CEST
Password must change: never
Last bad password   : 0
Bad password count  : 0

4.) Samba group-mapping:
myserver1:/etc/samba# net groupmap list
Domain Admins (S-1-5-21-1656000120-2433418590-619812953-512) -> domadmins

5.) real Unix-group:
myserver1:/etc# cat group | grep domadmins

6)# List rpc privileges on an Samba:
myserver1:/etc# net rpc rights list accounts -U admin -S
Enter admin's password:
BUILTIN\Print Operators
No privileges assigned

BUILTIN\Account Operators
No privileges assigned

BUILTIN\Backup Operators
No privileges assigned

BUILTIN\Server Operators
No privileges assigned


No privileges assigned

7.) Here are the global settings of my smb.conf:
        unix charset = ISO8859-1
        workgroup = MYDOMAIN
        netbios aliases = myserver1
        server string = %h
        update encrypted = Yes
        obey pam restrictions = Yes
        passdb backend = tdbsam
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        add user script = /usr/sbin/adduser.sh -p -u "%u" -n "%u"
        delete user script = /usr/sbin/userdel "%u"
        add group script = /usr/local/bin/smbgrpadd.sh "%g"
        delete group script = /usr/sbin/groupdel "%g"
        add user to group script = /usr/bin/gpasswd -a "%u" "%g"
        delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
        set primary group script = /usr/sbin/usermod -g "%g" "%u"
        add machine script = /usr/sbin/addmachine.sh -u %u
        logon script = logon.cmd
        logon path = \\%N\profiles\%U
        logon drive = U:
        logon home = \\%N\%U\win
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        ldap ssl = no
        panic action = /usr/share/samba/panic-action %d
        invalid users = root
-----------------End of global settings --------

Does anyone have an idea what the reason of this strange behaver of my 
passwd.tdb ist?
I believe, when this is fixed, the problem with the attachment of new 
WindowsWorkstations to the domain will also be solved.


Heinz Allerberger

More information about the samba mailing list