samba - Jan 2008 - password sync "Failed to open/create TDB passwd"

I am trying to enable unix password sync.  PDC is solaris 3.026a on Solaris 9.

my smb.conf file includes:

[global]
        workgroup = MYDOMAIN
        server string = myserver
        passdb backend = tdbsam

        passwd program =  /usr/bin/passwd %u
        passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
password\ssuccessfully\schanged*\n

        unix password sync = Yes
        passwd chat debug = yes
        passwd chat timeout = 10

        dos charset = UTF8
        unix charset = UTF8
        display charset = UTF8



Samba was compiled to /usr/local/samba-3.0.26a

# ls -l /usr/local/samba-3.0.26a/private/passdb.tdb
-rw-------   1 root     sysadmin   49152 Jan 10 08:05
/usr/local/samba-3.0.26a/private/passdb.tdb


Assuming password sync is disabled, password or account  changes with
smbpasswd, pdbedit, User Manager for Domains work fine.   If I enable
password sync, I can't change passwords as a user at a PC, or as an
administrator with User Manager for Domains.  (I also can't use User
Manager for Domains to change things like "password never expires."

The samba log file of the Windows server with UsrMgr shows the following:

[2008/01/10 10:50:14, 5] lib/username.c:Get_Pwnam_internals(108)

  Get_Pwnam_internals did find user [jsmith]
...
[2008/01/10 10:50:14, 2] lib/util_tdb.c:tdb_log(662)

  tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba-3.0.26a/privat
e/passdb.tdb: Permission denied

[2008/01/10 10:50:14, 0] passdb/pdb_tdb.c:tdbsam_open(829)

  tdbsam_open: Failed to open/create TDB passwd [/usr/local/samba-3.0.26a/privat
e/passdb.tdb]




The passdb file does exist-  and samba is running as root.  I have a
separate unix/windows account for the Domain Admin.

Does this mean I should be changing the locale?  Is this a samba or an
OS setting?

Or should I just wait for the next version of Samba to fix this.

Thanks


On 1/10/08, Andriashyk Yuri <sysadmin@uosk.ua>
wrote:
>  samba 2.026a-2.8 bug.
>  Will set temporally english locale.
>
>
> Gaiseric Vandal ?????:
> > I am trying to enable unix password sync.  PDC is solaris 3.026a on
Solaris 9.
> >
> > my smb.conf file includes:
> >
> > [global]
> >         workgroup = MYDOMAIN
> >         server string = myserver
> >         passdb backend = tdbsam
> >
> >         passwd program =  /usr/bin/passwd %u
> >         passwd
chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
> > password\ssuccessfully\schanged*\n
> >
> >         unix password sync = Yes
> >         passwd chat debug = yes
> >         passwd chat timeout = 10
> >
> >         dos charset = UTF8
> >         unix charset = UTF8
> >         display charset = UTF8
> >
> >
> >
> > Samba was compiled to /usr/local/samba-3.0.26a
> >
> > # ls -l /usr/local/samba-3.0.26a/private/passdb.tdb
> > -rw-------   1 root     sysadmin   49152 Jan 10 08:05
> > /usr/local/samba-3.0.26a/private/passdb.tdb
> >
> >
> > Assuming password sync is disabled, password or account  changes with
> > smbpasswd, pdbedit, User Manager for Domains work fine.   If I enable
> > password sync, I can't change passwords as a user at a PC, or as
an
> > administrator with User Manager for Domains.  (I also can't use
User
> > Manager for Domains to change things like "password never
expires."
> >
> > The samba log file of the Windows server with UsrMgr shows the
following:
> >
> > [2008/01/10 10:50:14, 5] lib/username.c:Get_Pwnam_internals(108)
> >
> >   Get_Pwnam_internals did find user [jsmith]
> > ...
> > [2008/01/10 10:50:14, 2] lib/util_tdb.c:tdb_log(662)
> >
> >   tdb(unnamed): tdb_open_ex: could not open file
/usr/local/samba-3.0.26a/privat
> > e/passdb.tdb: Permission denied
> >
> > [2008/01/10 10:50:14, 0] passdb/pdb_tdb.c:tdbsam_open(829)
> >
> >   tdbsam_open: Failed to open/create TDB passwd
[/usr/local/samba-3.0.26a/privat
> > e/passdb.tdb]
> >
> >
> >
> >
> > The passdb file does exist-  and samba is running as root.  I have a
> > separate unix/windows account for the Domain Admin.
>

Hallo, Gaiseric,

Du (gaiseric.vandal) meintest am 12.01.08:

>>>   tdb(unnamed): tdb_open_ex: could not open file
>>>   /usr/local/samba-3.0.26a/privat passdb.tdb: Permission denied
>>> The passdb file does exist-  and samba is running as root.  I have
>>> a separate unix/windows account for the Domain Admin.
> Does this mean I should be changing the locale?  Is this a samba or
> an OS setting?

Which rights has the directory, which rights has the file?

Viele Gruesse!
Helmut

I have now tried the following
  -   Upgraded from samba 3.026a to 3.028
  -   Rebuilt  "--with-pam" and added "pam password change =
yes"
(some posts indicated this helped)
  -   Added a "root" samba account and a member of Domain Admins (to
see if it was related to unix level file permissions.)
  -   Moved the test user unix  account out of nis and into the local
/etc/passwd.
  -   tried variations on the chat script.

#        passwd chat = New %n\n new %n\n *changed* \n
         passwd chat =*New* %n\n *new* %n\n *changed* \n


Nothing has helped.

The log files do show:

[2008/01/14 09:15:17, 0] smbd/chgpasswd.c:chat_with_program(440)

  chat_with_program: Error: dochild() returned 0



Several of the posts on google referred to password sync working under
Samba 3.024 but then breaking when upgrading to Samab 3.027.

I have set the log level to 100 to try to catch any syntax error in
the chat script.    Currently my smb.conf file includes:

[global]
        workgroup = MYDOMAIN
        server string = mypdc
        passdb backend = tdbsam
        log file = /var/log/samba/%m.log
        max log size = 50
        domain logons = Yes
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        ldap ssl = no
        cups options = raw

        passwd program =  /usr/bin/passwd %u
#        passwd program =  /usr/bin/passwd -r nis  %u
#       passwd chat = *New*Password* %n\n *new*Password* %n\n *changed*
#       passwd chat = *New*Password* %n\n *Re-enter*new*Password* %n\n *changed*
#       passwd
chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\spassword\ssuccessfully\schanged*\n
#        passwd chat = New %n\n new %n\n *changed* \n
         passwd chat =*New* %n\n *new* %n\n *changed* \n
        unix password sync = Yes
        passwd chat debug = yes
        passwd chat timeout = 10
        log level = 100
        pam password change = yes

        dos charset = UTF8
        unix charset = UTF8
        display charset = UTF8


File perms include
# ls -l /usr/local/samba/private/passdb.tdb
-rw-rw----   1 root     sysadmin   49152 Jan 14 08:56 passdb.tdb

# ls -ld /usr/local/samba/var/locks
drwxrwxr-x   5 root     sysadmin    1024 Jan 14 11:20 /usr/local/samba/var/locks


# ls -ld /usr/local/samba/var/locks/*
total 972
-rw-------   1 root     root        8192 Jan 14 11:02 account_policy.tdb
-rw-r--r--   1 root     root       49152 Jan 14 10:41 brlock.tdb
-rw-r--r--   1 root     sysadmin    1440 Jan 14 11:20 browse.dat


Thanks





On 12 Jan 2008 13:43:00 +0100, Helmut Hullen <Hullen@t-online.de>
wrote:
> Hallo, Gaiseric,
>
> Du (gaiseric.vandal) meintest am 12.01.08:
>
>
> >>>   tdb(unnamed): tdb_open_ex: could not open file
> >>>   /usr/local/samba-3.0.26a/privat passdb.tdb: Permission
denied
>
> >>> The passdb file does exist-  and samba is running as root.  I
have
> >>> a separate unix/windows account for the Domain Admin.
>
>
> > Does this mean I should be changing the locale?  Is this a samba or
> > an OS setting?
>
>
> Which rights has the directory, which rights has the file?
>
> Viele Gruesse!
> Helmut
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>