[Samba] problems with secrets.ldb in samba 4.13.4
jas at eecs.yorku.ca
Wed Feb 10 01:38:03 UTC 2021
On 2/9/2021 8:15 PM, Andrew Bartlett wrote:
> On Tue, 2021-02-09 at 19:56 -0500, Jason Keltz via samba wrote:
>> I'm just about to join 300+ hosts to a new AD domain next week. We
>> upgraded from latest Samba 4.11 to 4.13.4.
>> On a client in the domain, I unjoin the domain, clear the samba
>> directory, and run my script for joining a host to the domain.
>> The join appears to succeed and I can login to the host. winbind
>> However, in the samba winbind log, log.wb-<WORKGROUP> I see many many
>> ldb: Failed to connect to '/local/samba/private/secrets.ldb' with
>> backend 'tdb': Unable to open tdb '/local/samba/private/secrets.ldb':
>> such file or directory
>> Sure enough, only the file secrets.tdb exists, and not secrets.ldb.
> Which is fine.
>> Has something changed between 4.11 and 4.13 with respects to
> We stopped implicitly creating an empty file without any secrets in
> It is harmless, we just have some common code to handle the 'member
> server' case (remembering that an AD DC is itself a member servers to
> it's own domain) that tries to cope with the different way this data is
>> I'm not even trying to make an old configuration work with the new
>> version.. I'm completely clearing the directory and letting samba
>> re-initialize it.
>> If I go back to the previous Samba version, and re-intialize, I get
>> secrets.ldb file.
>> Any idea what's happening and what am I missing by not having the
>> secrets.ldb file? Why do things "appear" to be working.
>> It's really important that I get this right for a succesful
> Don't worry, nothing is wrong here.
> Sorry for the noise.
> BTW, the commit it comes from this this one, only in 4.13 and later:
> commit 6cbd7d1a32cc7ccfb8d06eacdcade41d96b54519
> Author: Stefan Metzmacher <metze at samba.org>
> Date: Tue Feb 4 16:16:48 2020 +0100
> s4:param: make sure secrets_db_connect() no longer creates on empty secrets.ldb
> Signed-off-by: Stefan Metzmacher <metze at samba.org>
> Reviewed-by: Andreas Schneider <asn at samba.org>
> Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
> Autobuild-Date(master): Wed Feb 5 10:13:02 UTC 2020 on sn-devel-184
> Andrew Bartlett
Thanks so much Andrew!
That's excellent news. The noise was concerning, but now that I know
it's just noise, that's a good thing.
One other potential issue that I just noticed is that in log.wb-<HOST>
[2021/02/09 19:51:22.998817, 0, pid=4349, effective(0, 0), real(0, 0)]
open_internal_pipe: Could not connect to dssetup pipe:
[2021/02/09 19:51:22.999193, 0, pid=4349, effective(0, 0), real(0, 0)]
rpcint_dispatch: DCE/RPC fault in call lsarpc:2E -
Again, it doesn't seem to cause any trouble. Everything seems to be
otherwise working, but I didn't see this before in 4.11.
More information about the samba