[Samba] samba-tool domain join: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory

Rowland Penny rpenny at samba.org
Mon Oct 31 14:42:01 UTC 2022

On 31/10/2022 14:25, Michael Tokarev wrote:
> 31.10.2022 17:14, Rowland Penny via samba wrote:
> ..
>>>> The join doesn't add a Unix ID to a computer's object:
>>>> 1) it is only used by the 'ad' idmap backend
>>>> 2) there is nowhere to find the next ID to use.
>>> Yeah it doesn't, and I remember coming across that already in the past
>>> debugging this issue - I had to manually add uidNumber & gidNumber to
>>> the computer object. But I didn't add these attributes to all of them -
>>> e.g., another (non-test) server here (which also logs this very error
>>> message *a lot*, btw) does not have it either, while some Windows
>>> machines have it.
>>> If it cannot be added automatically but is required, maybe it is a good
>>> idea to add a warning somewhere at the end of `samba-tool domain join'
>>> output about that?
>> Sorry, but I am not going to try and fight that battle again.
> Which battle?  Are you saying it is absolutely wrong to print a warning if
> samba-tool domain join were unable to assign uidNumber to the new object
> it created? Hmm okay, I'll shut up now, because it looks like I don't
> understand something fundamental...

I tried to update 'samba-tool user add' and 'samba-tool group add' to 
work like ADUC: you added the required switches and the user or group 
would be created with the required rfc2307 attributes. This was rejected 
for various reasons, so I tried to work around these 'reasons', but to 
no avail. I will not go there again.

