[Samba] winbind error after startup on Samba member server

Michael Tokarev mjt at tls.msk.ru
Sat Jun 15 20:10:07 UTC 2024

14.06.2024 22:05, Peter Milesson via samba:
> Hi folks,
> I think I have sorted it out. Hopefully.
> I installed samba-dsdb-modules, and then the complaints stopped. I had the impression that samba-dsdb-modules are only required on a AD DC, but that's 
> probably not completely true.

Wow.  Yes, I was thinking merging dsdb modules into samba-ad-dc (it can't be done anyway
since it's also used by sssd but this is a different story).

Maybe winbind should recommend python3-samba and dsdb-modules, or maybe python3-samba
should recommend dsdb-modules.  Unfortunately its not really clear which is what and
where it should be used.

> On the other server with frequent complaints about "Failed to connect to '/var/lib/samba/private/secrets.ldb'", it was a dangling misconfiguration in 
> smb.conf. The parameter "inherit acls" seems to be the culprit. I set ACLs exclusively from Windows and this parameter is used when setting POSIX 
> ACLs. Now, Samba seems to be satisfied.

The secrets.ldb message is well-known and absolutely harmless (but definitely annoying).
It can be mitigated by creating an empty secrets.ldb database with tdbtool:

  echo create /var/lib/samba/private/secrets.ldb | tdbtool

It is not related to your initial problem in any way, but it sure might be misleading.

Thank you for sharing your results!


GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24.
New key: rsa4096/61AD3D98ECDF2C8E  9D8B E14E 3F2A 9DD7 9199  28F1 61AD 3D98 ECDF 2C8E
Old key: rsa2048/457CE0A0804465C5  6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt

More information about the samba mailing list