[Samba] should lack of secrets.tdb prevent smbd from starting?

Christian, Mark mark.christian at intel.com
Fri Feb 5 22:48:47 UTC 2021

I don't require a correctly configured secrets

I use samba 4.10.5 to provide access to file shares over cifs/smb. I
have non-samba processes to manage host keytabs and user/group
mappings. My smb.conf "security = ads" configuration seems to work as
intended, but only if I ensure a "generic" secrets.tdb file exists,
otherwise smbd will refuse to start. By "generic" I mean the
secrets.tdb which is shared amongst my nodes has either no or incorrect
data for keys found in this tdb. My assumption is that as long as the
AD computer object associated with the samba cifs SPN doesn't have its
password changed, my samba service will continue to work. Am I
mistaken? Since I manage the samba computer object and keytab outside
of net ads, why do I need secrets.tdb, and must lack of this file
prevent smbd from running? 

