Gaiseric Vandal
2008-Jan-10 16:27 UTC
[Samba] password sync "Failed to open/create TDB passwd"
I am trying to enable unix password sync. PDC is solaris 3.026a on Solaris 9.
my smb.conf file includes:
[global]
workgroup = MYDOMAIN
server string = myserver
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
password\ssuccessfully\schanged*\n
unix password sync = Yes
passwd chat debug = yes
passwd chat timeout = 10
dos charset = UTF8
unix charset = UTF8
display charset = UTF8
Samba was compiled to /usr/local/samba-3.0.26a
# ls -l /usr/local/samba-3.0.26a/private/passdb.tdb
-rw------- 1 root sysadmin 49152 Jan 10 08:05
/usr/local/samba-3.0.26a/private/passdb.tdb
Assuming password sync is disabled, password or account changes with
smbpasswd, pdbedit, User Manager for Domains work fine. If I enable
password sync, I can't change passwords as a user at a PC, or as an
administrator with User Manager for Domains. (I also can't use User
Manager for Domains to change things like "password never expires."
The samba log file of the Windows server with UsrMgr shows the following:
[2008/01/10 10:50:14, 5] lib/username.c:Get_Pwnam_internals(108)
Get_Pwnam_internals did find user [jsmith]
...
[2008/01/10 10:50:14, 2] lib/util_tdb.c:tdb_log(662)
tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba-3.0.26a/privat
e/passdb.tdb: Permission denied
[2008/01/10 10:50:14, 0] passdb/pdb_tdb.c:tdbsam_open(829)
tdbsam_open: Failed to open/create TDB passwd [/usr/local/samba-3.0.26a/privat
e/passdb.tdb]
The passdb file does exist- and samba is running as root. I have a
separate unix/windows account for the Domain Admin.
Gaiseric Vandal
2008-Jan-12 12:33 UTC
[Samba] password sync "Failed to open/create TDB passwd"
Does this mean I should be changing the locale? Is this a samba or an OS setting? Or should I just wait for the next version of Samba to fix this. Thanks On 1/10/08, Andriashyk Yuri <sysadmin@uosk.ua> wrote:> samba 2.026a-2.8 bug. > Will set temporally english locale. > > > Gaiseric Vandal ?????: > > I am trying to enable unix password sync. PDC is solaris 3.026a on Solaris 9. > > > > my smb.conf file includes: > > > > [global] > > workgroup = MYDOMAIN > > server string = myserver > > passdb backend = tdbsam > > > > passwd program = /usr/bin/passwd %u > > passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s > > password\ssuccessfully\schanged*\n > > > > unix password sync = Yes > > passwd chat debug = yes > > passwd chat timeout = 10 > > > > dos charset = UTF8 > > unix charset = UTF8 > > display charset = UTF8 > > > > > > > > Samba was compiled to /usr/local/samba-3.0.26a > > > > # ls -l /usr/local/samba-3.0.26a/private/passdb.tdb > > -rw------- 1 root sysadmin 49152 Jan 10 08:05 > > /usr/local/samba-3.0.26a/private/passdb.tdb > > > > > > Assuming password sync is disabled, password or account changes with > > smbpasswd, pdbedit, User Manager for Domains work fine. If I enable > > password sync, I can't change passwords as a user at a PC, or as an > > administrator with User Manager for Domains. (I also can't use User > > Manager for Domains to change things like "password never expires." > > > > The samba log file of the Windows server with UsrMgr shows the following: > > > > [2008/01/10 10:50:14, 5] lib/username.c:Get_Pwnam_internals(108) > > > > Get_Pwnam_internals did find user [jsmith] > > ... > > [2008/01/10 10:50:14, 2] lib/util_tdb.c:tdb_log(662) > > > > tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba-3.0.26a/privat > > e/passdb.tdb: Permission denied > > > > [2008/01/10 10:50:14, 0] passdb/pdb_tdb.c:tdbsam_open(829) > > > > tdbsam_open: Failed to open/create TDB passwd [/usr/local/samba-3.0.26a/privat > > e/passdb.tdb] > > > > > > > > > > The passdb file does exist- and samba is running as root. I have a > > separate unix/windows account for the Domain Admin. >
Helmut Hullen
2008-Jan-12 13:33 UTC
[Samba] password sync "Failed to open/create TDB passwd"
Hallo, Gaiseric, Du (gaiseric.vandal) meintest am 12.01.08:>>> tdb(unnamed): tdb_open_ex: could not open file >>> /usr/local/samba-3.0.26a/privat passdb.tdb: Permission denied>>> The passdb file does exist- and samba is running as root. I have >>> a separate unix/windows account for the Domain Admin.> Does this mean I should be changing the locale? Is this a samba or > an OS setting?Which rights has the directory, which rights has the file? Viele Gruesse! Helmut
Gaiseric Vandal
2008-Jan-14 16:23 UTC
[Samba] password sync "Failed to open/create TDB passwd"
I have now tried the following
- Upgraded from samba 3.026a to 3.028
- Rebuilt "--with-pam" and added "pam password change =
yes"
(some posts indicated this helped)
- Added a "root" samba account and a member of Domain Admins (to
see if it was related to unix level file permissions.)
- Moved the test user unix account out of nis and into the local
/etc/passwd.
- tried variations on the chat script.
# passwd chat = New %n\n new %n\n *changed* \n
passwd chat =*New* %n\n *new* %n\n *changed* \n
Nothing has helped.
The log files do show:
[2008/01/14 09:15:17, 0] smbd/chgpasswd.c:chat_with_program(440)
chat_with_program: Error: dochild() returned 0
Several of the posts on google referred to password sync working under
Samba 3.024 but then breaking when upgrading to Samab 3.027.
I have set the log level to 100 to try to catch any syntax error in
the chat script. Currently my smb.conf file includes:
[global]
workgroup = MYDOMAIN
server string = mypdc
passdb backend = tdbsam
log file = /var/log/samba/%m.log
max log size = 50
domain logons = Yes
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap ssl = no
cups options = raw
passwd program = /usr/bin/passwd %u
# passwd program = /usr/bin/passwd -r nis %u
# passwd chat = *New*Password* %n\n *new*Password* %n\n *changed*
# passwd chat = *New*Password* %n\n *Re-enter*new*Password* %n\n *changed*
# passwd
chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\spassword\ssuccessfully\schanged*\n
# passwd chat = New %n\n new %n\n *changed* \n
passwd chat =*New* %n\n *new* %n\n *changed* \n
unix password sync = Yes
passwd chat debug = yes
passwd chat timeout = 10
log level = 100
pam password change = yes
dos charset = UTF8
unix charset = UTF8
display charset = UTF8
File perms include
# ls -l /usr/local/samba/private/passdb.tdb
-rw-rw---- 1 root sysadmin 49152 Jan 14 08:56 passdb.tdb
# ls -ld /usr/local/samba/var/locks
drwxrwxr-x 5 root sysadmin 1024 Jan 14 11:20 /usr/local/samba/var/locks
# ls -ld /usr/local/samba/var/locks/*
total 972
-rw------- 1 root root 8192 Jan 14 11:02 account_policy.tdb
-rw-r--r-- 1 root root 49152 Jan 14 10:41 brlock.tdb
-rw-r--r-- 1 root sysadmin 1440 Jan 14 11:20 browse.dat
Thanks
On 12 Jan 2008 13:43:00 +0100, Helmut Hullen <Hullen@t-online.de>
wrote:> Hallo, Gaiseric,
>
> Du (gaiseric.vandal) meintest am 12.01.08:
>
>
> >>> tdb(unnamed): tdb_open_ex: could not open file
> >>> /usr/local/samba-3.0.26a/privat passdb.tdb: Permission
denied
>
> >>> The passdb file does exist- and samba is running as root. I
have
> >>> a separate unix/windows account for the Domain Admin.
>
>
> > Does this mean I should be changing the locale? Is this a samba or
> > an OS setting?
>
>
> Which rights has the directory, which rights has the file?
>
> Viele Gruesse!
> Helmut
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
Apparently Analagous Threads
- password sync "Failed to open/create TDB passwd" - some progress
- password sync does not work
- "Failed to add users for testing" - pdb_getsampwnam (TDB): error fetching database
- Environment variables in smb.conf -- inconsistent results
- can't get Samba users from Windows