[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend

Rowland penny rpenny at samba.org
Sun Mar 6 18:17:58 UTC 2016

On 06/03/16 17:55, Harry Jede wrote:
> On 18:30:33 wrote Rowland penny:
>> On 06/03/16 16:43, Harry Jede wrote:
>>> On 17:34:10 wrote Rowland penny:
>>>> On 06/03/16 15:53, Harry Jede wrote:
>>>>> On 16:47:40 wrote Rowland penny:
>>>>>> /usr/local/samba/bin/smbpasswd -a ldap02
>>>>> as far as i remember this has never worked! According to the man
>>>>> page this call should add a user to the *local* smb password
>>>>> store. And this is by default /etc/samba/smbpasswd and not any
>>>>> ldap backend.
>>>>> If one wish to use any ldap backend more params are needed. RTFM
>>>> In that case, how am I adding users that don't exist in
>>>> /etc/passwd to ldap with 'smbpasswd -a username' ?
>>> you may use any other tool or script., bot *not* smbpasswd
>>>> Perhaps you need to read the manpage again, pay particular
>>>> attention to ldapsam:editposix
>>> this is a smb.conf param and as such is explained in man smb.conf.
>>> I read man smbpasswd. Here a short snippet:
>>>          -a
>>> This option specifies that the username following should be added
>>> to the *local smbpasswd file* , with the new password typed (type
>>> <Enter> for the old password). This option is ignored if the
>>> username following already exists in the smbpasswd file and it is
>>> treated like a regular change password command. Note that the
>>> default passdb backends *require the user to already exist in the
>>> system password file* (usually /etc/passwd), *else the request to
>>> add the user will fail* .
>>>> Rowland
>> so, if a user *must* exist in /etc/passwd, how did I end up with this
>> in ldap after running 'smbpasswd -a ldap10':
>> dn: uid=ldap10,ou=users,dc=example,dc=com
>> uid: ldap10
>> objectClass: sambaSamAccount
>> objectClass: account
>> objectClass: posixAccount
>> cn: ldap10
>> uidNumber: 10008
>> gidNumber: 10000
>> homeDirectory: /home/ldap10
>> loginShell: /bin/bash
>> sambaPasswordHistory:
>> 00000000000000000000000000000000000000000000000000000000
>>    00000000
>> sambaPwdLastSet: 1457275169
>> sambaAcctFlags: [U          ]
> Does this happen on a system with or without Volkers new fix?

Volkers fix (for me) just gets the password added, without the fix, the 
user is created but the password doesn't get added.

> Rowland I have not written the smbpasswd man page!
> If the man page says the user must exist. OK, then i believe it is true.
> If the man page says this tool works against the local smbpasswd store
> then i believe it is true.
> If the man page says the local passwd store is the file
> /etc/samba/smbpasswd then I believe it is true.

Well, lets put it this way, when and if the secondary segfault gets 
fixed, I will be proposing patches to the smb.conf manpage.

> *And* if if read this document
> https://wiki.samba.org/index.php/Samba_3.4_Features_added/changed
> section *Configuration changes* i am pretty sure this thread waste a lot
> of time.

There is a page here: https://wiki.samba.org/index.php/Ldapsam_Editposix

This describes how to set up ldapsam without smbldap-tools

There is also this page (in japanese): 

They are both slightly wrong if used with Samba 4, syntax etc, but I 
have an NT4-style PDC running in a test VM, without any sign of 
smbldap-tools. The only problem seems to be in actually creating users 
and this is mostly fixed.


>> and 'cat /etc/passwd | grep ldap10' returns nothing ??????
>> Rowland

More information about the samba mailing list