I have Samba and LDAP up and running, but I'm having problems editing the password policy using pdbedit. (I'm running 3.0.22) I've had a look at the man page for pdbedit but I don't really fully understand what it does in relation to passwd backends. Does pdbedit update just one backend and expect a user to export the updates to other backends? I think I've set up ldap as my default backend - but pdbedit doesn't update it. It looks like its updating some other backend. I guess my smb.conf (attached) isn't configured correctly? How do I find out which one it's updating?. I can also see a reference to pdbedit backend guest in the logs, but I don't understand why pdbedit is looking for this. I tried the following command: pdbedit -P "min password length" -C 7 -d 10 This is a snippet of the logs: The LDAP server is succesfully connected pdb backend ldapsam:ldap://ldap-1 ldap://ldap-2 has a valid init Attempting to find an passdb backend to match guest (guest) Found pdb backend guest pdb backend guest has a valid init account_policy_get: min password length:7 account policy value for min password length was 7 account_policy_set: min password length:7 account policy value for min password length is now 7 I'm guessing it's taking these values from /var/lib/samba/account_policy.tdb, it's not taking them from ldap - because it doesn't change sambaMinPwdLength I can see a search happening in the ldap logs, but I don't see any updates - is this expected behaviour? I believe I need to run the following command to update LDAP? pdbedit -y -i tdbsam -e ldapsam -d 10 However, when I do this, I get the following error message (more of log attached - but this is part I think is failing) Attempting to find an passdb backend to match guest (guest) Found pdb backend guest pdb backend guest has a valid init called with username="(null)" tdb(unnamed): tdb_open_ex: could not open file /etc/samba/passdb.tdb: No such file or directory Unable to open/create TDB passwd Can't sampwent! When configuring Samba initially, I had some problems, so I followed some instructions and deleted the following rm /etc/samba/*tdb rm /var/lib/samba/*tdb rm /var/lib/samba/*dat rm /var/log/samba/* as a result passdb.tdb is no longer, and didn't get re-created. Is there any way I can recreate this file? Is this the cause of my problems? Any help much appreciated, I've attached more details in case they are needed -------------- LDAP Entry ------------------------------------ dn: sambaDomainName=BLAHDEV,dc=example,dc=org sambaDomainName: BLAHDEV sambaMinPwdAge: 0 objectClass: top objectClass: sambaDomain objectClass: sambaUnixIdPool sambaPwdHistoryLength: 0 sambaNextGroupRid: 67109863 uidNumber: 1005 sambaLogonToChgPwd: 0 sambaLockoutDuration: 30 sambaMaxPwdAge: -1 sambaForceLogoff: -1 sambaLockoutThreshold: 0 gidNumber: 1000 sambaSID: S-1-5-21-317703500-4181503002-770181164 sambaNextUserRid: 67109862 sambaMinPwdLength: 5 sambaRefuseMachinePwdChange: 0 sambaAlgorithmicRidBase: 1000 sambaLockoutObservationWindow: 30 ---------------- SMB.CONF ----------------------------------- [global] workgroup = BLAHDEV netbios name = BLAHDEV-PDC security = user server string = Samba Server log level = 2 syslog = 0 log file = /var/log/samba/%m.log max log size = 100000 time server = Yes logon home = "" logon path = "" domain logons = Yes domain master = Yes os level = 65 preferred master = Yes wins support = yes encrypt passwords = Yes # unix password sync = Yes passwd program = /usr/sbin/ldap_userPassword_change %u passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *Result**Success**** # Crackcheck settings to allow NT style password complexity checks check password script = /sbin/crackcheck -c -d /usr/lib/cracklib_dict passdb backend = ldapsam:"ldap://ldap-1 ldap://ldap-2" ldap admin dn = cn=Manager,dc=example,dc=org ldap suffix = dc=dc=example,dc=org ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Idmap idmap backend = ldap:"ldap://ldap-1 ldap://ldap-2" add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u" delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u" add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 1 -w "%u" add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g" add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u' idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no ------------ FULL LOG FILE FOR PDBEDIT -------------------- [root@devpc-tm1 samba]# pdbedit -y -i tdbsam -e ldapsam -d 10 INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" doing parameter workgroup = BLAHDEV doing parameter netbios name = BLAHDEV-PDC handle_netbios_name: set global_myname to: BLAHDEV-PDC doing parameter security = user doing parameter server string = Samba Server doing parameter log level = 2 doing parameter syslog = 0 doing parameter log file = /var/log/samba/%m.log doing parameter max log size = 100000 doing parameter time server = Yes doing parameter logon home = "" doing parameter logon path = "" doing parameter domain logons = Yes doing parameter domain master = Yes doing parameter os level = 65 doing parameter preferred master = Yes doing parameter wins support = yes doing parameter encrypt passwords = Yes doing parameter passwd program = /usr/sbin/ldap_userPassword_change %u doing parameter passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *Result**Success**** doing parameter check password script = /sbin/crackcheck -c -d /usr/lib/cracklib_dict doing parameter passdb backend = ldapsam:"ldap://ldap-1 ldap://ldap-2" doing parameter ldap admin dn = cn=Manager,dc=example,dc=org doing parameter ldap suffix = dc=example,dc=org doing parameter ldap group suffix = ou=Groups doing parameter ldap user suffix = ou=Users doing parameter ldap machine suffix = ou=Computers doing parameter ldap idmap suffix = ou=Idmap doing parameter idmap backend = ldap:"ldap://ldap-1 ldap://ldap-2" doing parameter add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u" doing parameter delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u" doing parameter add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 1 -w "%u" doing parameter add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g" doing parameter add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g" doing parameter delete user from group script /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g" doing parameter set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u' doing parameter idmap uid = 16777216-33554431 doing parameter idmap gid = 16777216-33554431 doing parameter template shell = /bin/false doing parameter winbind use default domain = no pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: role = ROLE_DOMAIN_PDC Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF-16LE Registered charset UTF-16LE Attempting to register new charset UCS-2BE Registered charset UCS-2BE Attempting to register new charset UTF-16BE Registered charset UTF-16BE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset UTF-8 Registered charset UTF-8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Trying to load: ldapsam:ldap://ldap-1 ldap://ldap-2 Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend guest Successfully added passdb backend 'guest' Attempting to find an passdb backend to match ldapsam:ldap://ldap-1 ldap://ldap-2 (ldapsam) Found pdb backend ldapsam Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))] smbldap_search: base => [dc=example,dc=org], filter => [(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))], scope => [2] smbldap_open_connection: ldap://ldap-1 ldap://ldap-2 smbldap_open_connection: connection opened ldap_connect_system: Binding to ldap server ldap://ldap-1 ldap://ldap-2 as "cn=Manager,dc=example,dc=org" ldap_connect_system: succesful connection to the LDAP server The LDAP server is succesfully connected pdb backend ldapsam:ldap://ldap-1 ldap://ldap-2 has a valid init Attempting to find an passdb backend to match guest (guest) Found pdb backend guest pdb backend guest has a valid init Netbios name list:- my_netbios_names[0]="BLAHDEV-PDC" Trying to load: ldapsam:ldap://ldap-1 ldap://ldap-2 Attempting to find an passdb backend to match ldapsam:ldap://ldap-1 ldap://ldap-2 (ldapsam) Found pdb backend ldapsam Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))] smbldap_search: base => [dc=example,dc=org], filter => [(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))], scope => [2] smbldap_open_connection: ldap://ldap-1 ldap://ldap-2 smbldap_open_connection: connection opened ldap_connect_system: Binding to ldap server ldap://ldap-1 ldap://ldap-2 as "cn=Manager,dc=example,dc=org" ldap_connect_system: succesful connection to the LDAP server The LDAP server is succesfully connected pdb backend ldapsam:ldap://ldap-1 ldap://ldap-2 has a valid init Attempting to find an passdb backend to match guest (guest) Found pdb backend guest pdb backend guest has a valid init Trying to load: tdbsam Attempting to find an passdb backend to match tdbsam (tdbsam) Found pdb backend tdbsam pdb backend tdbsam has a valid init Attempting to find an passdb backend to match guest (guest) Found pdb backend guest pdb backend guest has a valid init Trying to load: ldapsam Attempting to find an passdb backend to match ldapsam (ldapsam) Found pdb backend ldapsam Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))] smbldap_search: base => [dc=example,dc=org], filter => [(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))], scope => [2] smbldap_open_connection: ldap://localhost smbldap_open_connection: connection opened ldap_connect_system: Binding to ldap server ldap://localhost as "cn=Manager,dc=example,dc=org" ldap_connect_system: succesful connection to the LDAP server The LDAP server is succesfully connected pdb backend ldapsam has a valid init Attempting to find an passdb backend to match guest (guest) Found pdb backend guest pdb backend guest has a valid init called with username="(null)" tdb(unnamed): tdb_open_ex: could not open file /etc/samba/passdb.tdb: No such file or directory Unable to open/create TDB passwd Can't sampwent! -- View this message in context: http://www.nabble.com/pdbedit-password-policy---not-updating-ldapsam-tf3239423.html#a9004138 Sent from the Samba - General mailing list archive at Nabble.com.
Stefan Schmitz
2007-Feb-16 14:41 UTC
[Samba] pdbedit password policy - not updating ldapsam
Hi Jamurph, I think replikation of password policies to ldap startet of Samba 3.0.23d. Before this version you have to export them from the PDC to the LDAP-Server by pdbedit -y -i tdbsam -e ldapsam and import them on all BDCs with pdbedit -y -i ldapsam -e tdbsam Regards Stefan . jamurph schrieb:> I have Samba and LDAP up and running, but I'm having problems editing the > password policy using pdbedit. > > (I'm running 3.0.22) > > I've had a look at the man page for pdbedit but I don't really fully > understand what it does in relation to passwd backends. Does pdbedit update > just one backend and expect a user to export the updates to other backends? > > I think I've set up ldap as my default backend - but pdbedit doesn't update > it. It looks like its updating some other backend. I guess my smb.conf > (attached) isn't configured correctly? How do I find out which one it's > updating?. I can also see a reference to pdbedit backend guest in the logs, > but I don't understand why pdbedit is looking for this. > > I tried the following command: > pdbedit -P "min password length" -C 7 -d 10 > > This is a snippet of the logs: > The LDAP server is succesfully connected > pdb backend ldapsam:ldap://ldap-1 ldap://ldap-2 has a valid init > Attempting to find an passdb backend to match guest (guest) > Found pdb backend guest > pdb backend guest has a valid init > account_policy_get: min password length:7 > account policy value for min password length was 7 > account_policy_set: min password length:7 > account policy value for min password length is now 7 > > I'm guessing it's taking these values from > /var/lib/samba/account_policy.tdb, it's not taking them from ldap - because > it doesn't change sambaMinPwdLength > > I can see a search happening in the ldap logs, but I don't see any updates - > is this expected behaviour? > > I believe I need to run the following command to update LDAP? > pdbedit -y -i tdbsam -e ldapsam -d 10 > > However, when I do this, I get the following error message (more of log > attached - but this is part I think is failing) > > Attempting to find an passdb backend to match guest (guest) > Found pdb backend guest > pdb backend guest has a valid init > called with username="(null)" > tdb(unnamed): tdb_open_ex: could not open file /etc/samba/passdb.tdb: No > such file or directory > Unable to open/create TDB passwd > Can't sampwent! > > > When configuring Samba initially, I had some problems, so I followed some > instructions and deleted the following > > rm /etc/samba/*tdb > rm /var/lib/samba/*tdb > rm /var/lib/samba/*dat > rm /var/log/samba/* > > as a result passdb.tdb is no longer, and didn't get re-created. Is there any > way I can recreate this file? Is this the cause of my problems? > > Any help much appreciated, I've attached more details in case they are > needed > > > -------------- LDAP Entry ------------------------------------ > > dn: sambaDomainName=BLAHDEV,dc=example,dc=org > sambaDomainName: BLAHDEV > sambaMinPwdAge: 0 > objectClass: top > objectClass: sambaDomain > objectClass: sambaUnixIdPool > sambaPwdHistoryLength: 0 > sambaNextGroupRid: 67109863 > uidNumber: 1005 > sambaLogonToChgPwd: 0 > sambaLockoutDuration: 30 > sambaMaxPwdAge: -1 > sambaForceLogoff: -1 > sambaLockoutThreshold: 0 > gidNumber: 1000 > sambaSID: S-1-5-21-317703500-4181503002-770181164 > sambaNextUserRid: 67109862 > sambaMinPwdLength: 5 > sambaRefuseMachinePwdChange: 0 > sambaAlgorithmicRidBase: 1000 > sambaLockoutObservationWindow: 30 > > > > ---------------- SMB.CONF ----------------------------------- > [global] > workgroup = BLAHDEV > netbios name = BLAHDEV-PDC > security = user > server string = Samba Server > log level = 2 > syslog = 0 > log file = /var/log/samba/%m.log > max log size = 100000 > time server = Yes > logon home = "" > logon path = "" > domain logons = Yes > domain master = Yes > os level = 65 > preferred master = Yes > wins support = yes > encrypt passwords = Yes > # unix password sync = Yes > passwd program = /usr/sbin/ldap_userPassword_change %u > passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n > *Result**Success**** > # Crackcheck settings to allow NT style password complexity checks > check password script = /sbin/crackcheck -c -d /usr/lib/cracklib_dict > passdb backend = ldapsam:"ldap://ldap-1 ldap://ldap-2" > ldap admin dn = cn=Manager,dc=example,dc=org > ldap suffix = dc=dc=example,dc=org > ldap group suffix = ou=Groups > ldap user suffix = ou=Users > ldap machine suffix = ou=Computers > ldap idmap suffix = ou=Idmap > idmap backend = ldap:"ldap://ldap-1 ldap://ldap-2" > add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u" > delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u" > add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 1 -w "%u" > add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g" > add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g" > delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" > "%g" > set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u' > idmap uid = 16777216-33554431 > idmap gid = 16777216-33554431 > template shell = /bin/false > winbind use default domain = no > > > > ------------ FULL LOG FILE FOR PDBEDIT -------------------- > > [root@devpc-tm1 samba]# pdbedit -y -i tdbsam -e ldapsam -d 10 > INFO: Current debug levels: > all: True/10 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 > rpc_parse: False/0 > rpc_srv: False/0 > rpc_cli: False/0 > passdb: False/0 > sam: False/0 > auth: False/0 > winbind: False/0 > vfs: False/0 > idmap: False/0 > quota: False/0 > acls: False/0 > lp_load: refreshing parameters > Initialising global parameters > params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" > Processing section "[global]" > doing parameter workgroup = BLAHDEV > doing parameter netbios name = BLAHDEV-PDC > handle_netbios_name: set global_myname to: BLAHDEV-PDC > doing parameter security = user > doing parameter server string = Samba Server > doing parameter log level = 2 > doing parameter syslog = 0 > doing parameter log file = /var/log/samba/%m.log > doing parameter max log size = 100000 > doing parameter time server = Yes > doing parameter logon home = "" > doing parameter logon path = "" > doing parameter domain logons = Yes > doing parameter domain master = Yes > doing parameter os level = 65 > doing parameter preferred master = Yes > doing parameter wins support = yes > doing parameter encrypt passwords = Yes > doing parameter passwd program = /usr/sbin/ldap_userPassword_change %u > doing parameter passwd chat = *New*password* %n\n *Re-enter*new*password* > %n\n *Result**Success**** > doing parameter check password script = /sbin/crackcheck -c -d > /usr/lib/cracklib_dict > doing parameter passdb backend = ldapsam:"ldap://ldap-1 ldap://ldap-2" > doing parameter ldap admin dn = cn=Manager,dc=example,dc=org > doing parameter ldap suffix = dc=example,dc=org > doing parameter ldap group suffix = ou=Groups > doing parameter ldap user suffix = ou=Users > doing parameter ldap machine suffix = ou=Computers > doing parameter ldap idmap suffix = ou=Idmap > doing parameter idmap backend = ldap:"ldap://ldap-1 ldap://ldap-2" > doing parameter add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u" > doing parameter delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u" > doing parameter add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 1 > -w "%u" > doing parameter add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g" > doing parameter add user to group script = /opt/IDEALX/sbin/smbldap-groupmod > -m "%u" "%g" > doing parameter delete user from group script > /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g" > doing parameter set primary group script = /opt/IDEALX/sbin/smbldap-usermod > -g '%g' '%u' > doing parameter idmap uid = 16777216-33554431 > doing parameter idmap gid = 16777216-33554431 > doing parameter template shell = /bin/false > doing parameter winbind use default domain = no > pm_process() returned Yes > lp_servicenumber: couldn't find homes > set_server_role: role = ROLE_DOMAIN_PDC > Attempting to register new charset UCS-2LE > Registered charset UCS-2LE > Attempting to register new charset UTF-16LE > Registered charset UTF-16LE > Attempting to register new charset UCS-2BE > Registered charset UCS-2BE > Attempting to register new charset UTF-16BE > Registered charset UTF-16BE > Attempting to register new charset UTF8 > Registered charset UTF8 > Attempting to register new charset UTF-8 > Registered charset UTF-8 > Attempting to register new charset ASCII > Registered charset ASCII > Attempting to register new charset 646 > Registered charset 646 > Attempting to register new charset ISO-8859-1 > Registered charset ISO-8859-1 > Attempting to register new charset UCS2-HEX > Registered charset UCS2-HEX > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Substituting charset 'UTF-8' for LOCALE > Trying to load: ldapsam:ldap://ldap-1 ldap://ldap-2 > Attempting to register passdb backend ldapsam > Successfully added passdb backend 'ldapsam' > Attempting to register passdb backend ldapsam_compat > Successfully added passdb backend 'ldapsam_compat' > Attempting to register passdb backend smbpasswd > Successfully added passdb backend 'smbpasswd' > Attempting to register passdb backend tdbsam > Successfully added passdb backend 'tdbsam' > Attempting to register passdb backend guest > Successfully added passdb backend 'guest' > Attempting to find an passdb backend to match ldapsam:ldap://ldap-1 > ldap://ldap-2 (ldapsam) > Found pdb backend ldapsam > Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))] > smbldap_search: base => [dc=example,dc=org], filter => > [(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))], scope => [2] > smbldap_open_connection: ldap://ldap-1 ldap://ldap-2 > smbldap_open_connection: connection opened > ldap_connect_system: Binding to ldap server ldap://ldap-1 ldap://ldap-2 as > "cn=Manager,dc=example,dc=org" > ldap_connect_system: succesful connection to the LDAP server > The LDAP server is succesfully connected > pdb backend ldapsam:ldap://ldap-1 ldap://ldap-2 has a valid init > Attempting to find an passdb backend to match guest (guest) > Found pdb backend guest > pdb backend guest has a valid init > Netbios name list:- > my_netbios_names[0]="BLAHDEV-PDC" > Trying to load: ldapsam:ldap://ldap-1 ldap://ldap-2 > Attempting to find an passdb backend to match ldapsam:ldap://ldap-1 > ldap://ldap-2 (ldapsam) > Found pdb backend ldapsam > Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))] > smbldap_search: base => [dc=example,dc=org], filter => > [(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))], scope => [2] > smbldap_open_connection: ldap://ldap-1 ldap://ldap-2 > smbldap_open_connection: connection opened > ldap_connect_system: Binding to ldap server ldap://ldap-1 ldap://ldap-2 as > "cn=Manager,dc=example,dc=org" > ldap_connect_system: succesful connection to the LDAP server > The LDAP server is succesfully connected > pdb backend ldapsam:ldap://ldap-1 ldap://ldap-2 has a valid init > Attempting to find an passdb backend to match guest (guest) > Found pdb backend guest > pdb backend guest has a valid init > Trying to load: tdbsam > Attempting to find an passdb backend to match tdbsam (tdbsam) > Found pdb backend tdbsam > pdb backend tdbsam has a valid init > Attempting to find an passdb backend to match guest (guest) > Found pdb backend guest > pdb backend guest has a valid init > Trying to load: ldapsam > Attempting to find an passdb backend to match ldapsam (ldapsam) > Found pdb backend ldapsam > Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))] > smbldap_search: base => [dc=example,dc=org], filter => > [(&(objectClass=sambaDomain)(sambaDomainName=BLAHDEV))], scope => [2] > smbldap_open_connection: ldap://localhost > smbldap_open_connection: connection opened > ldap_connect_system: Binding to ldap server ldap://localhost as > "cn=Manager,dc=example,dc=org" > ldap_connect_system: succesful connection to the LDAP server > The LDAP server is succesfully connected > pdb backend ldapsam has a valid init > Attempting to find an passdb backend to match guest (guest) > Found pdb backend guest > pdb backend guest has a valid init > called with username="(null)" > tdb(unnamed): tdb_open_ex: could not open file /etc/samba/passdb.tdb: No > such file or directory > Unable to open/create TDB passwd > Can't sampwent! >
I think the problem is part related to me having a wrong version of pdbedit. I need to update samba-client. Now I must see if I can find a source rpm that i can build and install on centos 4.3 [root@devpc-tm1 lib]# pdbedit -V Version 3.0.10-1.4E.11 [root@devpc-tm1 lib]# which pdbedit /usr/bin/pdbedit [root@devpc-tm1 lib]# yum list | grep samba Repository base is listed more than once in the configuration samba.i386 3.0.24-1 installed samba-common.i386 3.0.10-1.4E.11 installed samba.i386 3.0.10-1.4E.11 updates-released samba-client.i386 3.0.10-1.4E.11 updates-released samba-swat.i386 3.0.10-1.4E.11 updates-released system-config-samba.noarch 1.2.21-1 base -- View this message in context: http://www.nabble.com/pdbedit-password-policy---not-updating-ldapsam-tf3239423.html#a9060254 Sent from the Samba - General mailing list archive at Nabble.com.
For anyone who runs into similar problems in the future I updated samba3 and samba3-client and it has solved the password lockout problem. http://www.nabble.com/CentOS-samba-upgrade-tf3178510.html#a8820049 installed latest versions for centos 4.3 from http://ftp.sernet.de/pub/samba/rhel/rhel4-i386/ [root@devpc-tm1 ~]# yum list | grep samba Repository base is listed more than once in the configuration samba3.i386 3.0.24-30 installed samba3-client.i386 3.0.24-30 installed samba.i386 3.0.10-1.4E.11 updates-released samba-client.i386 3.0.10-1.4E.11 updates-released samba-common.i386 3.0.10-1.4E.11 updates-released samba-swat.i386 3.0.10-1.4E.11 updates-released system-config-samba.noarch 1.2.21-1 base -- View this message in context: http://www.nabble.com/pdbedit-password-policy---not-updating-ldapsam-tf3239423.html#a9063162 Sent from the Samba - General mailing list archive at Nabble.com.