[Samba] problems with secrets.ldb in samba 4.13.4

Andrew Bartlett abartlet at samba.org
Wed Feb 10 01:15:50 UTC 2021

On Tue, 2021-02-09 at 19:56 -0500, Jason Keltz via samba wrote:
> Hi..
> I'm just about to join 300+ hosts to a new AD domain next week. We
> have 
> upgraded from latest Samba 4.11 to 4.13.4.
> On a client in the domain, I unjoin the domain, clear the samba 
> directory, and run my script for joining a host to the domain.
> The join appears to succeed and I can login to the host. winbind
> appears 
> happy.
> However, in the samba winbind log, log.wb-<WORKGROUP> I see many many
> times:
> ldb: Failed to connect to '/local/samba/private/secrets.ldb' with 
> backend 'tdb': Unable to open tdb '/local/samba/private/secrets.ldb':
> No 
> such file or directory
> Sure enough, only the file secrets.tdb exists, and not secrets.ldb.

Which is fine.

> Has something changed between 4.11 and 4.13 with respects to
> secrets.ldb?

We stopped implicitly creating an empty file without any secrets in

It is harmless, we just have some common code to handle the 'member
server' case (remembering that an AD DC is itself a member servers to
it's own domain) that tries to cope with the different way this data is

> I'm not even trying to make an old configuration work with the new 
> version.. I'm completely clearing the directory and letting samba 
> re-initialize it.
> If I go back to the previous Samba version, and re-intialize, I get
> the 
> secrets.ldb file.
> Any idea what's happening and what am I missing by not having the 
> secrets.ldb file?  Why do things "appear" to be working.
> It's really important that I get this right for a succesful
> migration.

Don't worry, nothing is wrong here.

Sorry for the noise.

BTW, the commit it comes from this this one, only in 4.13 and later:

commit 6cbd7d1a32cc7ccfb8d06eacdcade41d96b54519
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Feb 4 16:16:48 2020 +0100

    s4:param: make sure secrets_db_connect() no longer creates on empty secrets.ldb
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Wed Feb  5 10:13:02 UTC 2020 on sn-devel-184

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT - Expert Open Source

More information about the samba mailing list