Re: [Samba] password sync Failed to open/create TDB passwd

2008-01-15 Thread Gaiseric Vandal
This is working now.

  -  smb.conf does need the pam password change = yes entry.
  -  Samba does need to be compiled with the --with-pam option.
     (My initial reading of the documentation had been that I only needed
     it if I was using plain text authentication.)
  -  passdb.tdb may need to be rw by the Administrator account.
  -  And of course I needed to restart smbd (after hours).


FYI

As part of the debugging process I created a /usr/bin/passwd.fake
script to capture what (if anything) is being passed by the chat
script to the passwd command, and updated the smb.conf.

   passwd program =  /usr/bin/passwd.fake %u


It doesn't look like smb.conf is even calling the password program any
more.   And the log files don't show any more smbd/chgpasswd.c:
entries.






On Jan 14, 2008 11:22 AM, Gaiseric Vandal [EMAIL PROTECTED] wrote:
 I have now tried the following
   -   Upgraded from samba 3.026a to 3.028
   -   Rebuilt  --with-pam and added pam password change = yes
 (some posts indicated this helped)
   -   Added a root samba account and a member of Domain Admins (to
 see if it was related to unix level file permissions.)
   -   Moved the test user unix  account out of nis and into the local
 /etc/passwd.
   -   tried variations on the chat script.

 #passwd chat = New %n\n new %n\n *changed* \n
  passwd chat =*New* %n\n *new* %n\n *changed* \n


 Nothing has helped.

 The log files do show:

 [2008/01/14 09:15:17, 0] smbd/chgpasswd.c:chat_with_program(440)

   chat_with_program: Error: dochild() returned 0



 Several of the posts on google referred to password sync working under
 Samba 3.024 but then breaking when upgrading to Samba 3.027.

 I have set the log level to 100 to try to catch any syntax error in
 the chat script.  Currently my smb.conf file includes:

 [global]
 workgroup = MYDOMAIN
 server string = mypdc
 passdb backend = tdbsam
 log file = /var/log/samba/%m.log
 max log size = 50
 domain logons = Yes
 preferred master = Yes
 domain master = Yes
 dns proxy = No
 wins support = Yes
 ldap ssl = no
 cups options = raw

 passwd program =  /usr/bin/passwd %u
 #passwd program =  /usr/bin/passwd -r nis  %u
 #   passwd chat = *New*Password* %n\n *new*Password* %n\n *changed*
 #   passwd chat = *New*Password* %n\n *Re-enter*new*Password* %n\n 
 *changed*
 #   passwd 
 chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\spassword\ssuccessfully\schanged*\n
 #passwd chat = New %n\n new %n\n *changed* \n
  passwd chat =*New* %n\n *new* %n\n *changed* \n
 unix password sync = Yes
 passwd chat debug = yes
 passwd chat timeout = 10
 log level = 100
 pam password change = yes

 dos charset = UTF8
 unix charset = UTF8
 display charset = UTF8


 File perms include
 # ls -l /usr/local/samba/private/passdb.tdb
 -rw-rw   1 root sysadmin   49152 Jan 14 08:56 passdb.tdb

 # ls -ld /usr/local/samba/var/locks
 drwxrwxr-x   5 root sysadmin1024 Jan 14 11:20 
 /usr/local/samba/var/locks


 # ls -ld /usr/local/samba/var/locks/*
 total 972
 -rw---   1 root root8192 Jan 14 11:02 account_policy.tdb
 -rw-r--r--   1 root root   49152 Jan 14 10:41 brlock.tdb
 -rw-r--r--   1 root sysadmin1440 Jan 14 11:20 browse.dat


 Thanks






 On 12 Jan 2008 13:43:00 +0100, Helmut Hullen [EMAIL PROTECTED] wrote:
  Hello, Gaiseric,
 
  You (gaiseric.vandal) wrote on 12.01.08:
 
 
 tdb(unnamed): tdb_open_ex: could not open file
 /usr/local/samba-3.0.26a/privat passdb.tdb: Permission denied
 
   The passdb file does exist-  and samba is running as root.  I have
   a separate unix/windows account for the Domain Admin.
 
 
   Does this mean I should be changing the locale?  Is this a samba or
   an OS setting?
 
 
  Which rights does the directory have, and which rights does the file have?
 
  Best regards!
  Helmut
  --
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/listinfo/samba
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
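
How the `passwd chat` variants quoted in this thread split into expect/send pairs, as an added example that is not part of any poster's message and is not Samba's code. It is a simplified model of the rules in the smb.conf documentation (whitespace-separated tokens, `\n \r \t \s` escapes, `*` wildcard, `.` for "nothing"); the prompt strings are constructed, and case-insensitive `fnmatch` stands in for smbd's own matcher.

```python
import fnmatch

ESCAPES = {"n": "\n", "r": "\r", "t": "\t", "s": " "}

# Chat strings copied from the smb.conf excerpts in this thread.
CHAT_ESCAPED = (r"*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\n"
                r"passwd:\spassword\ssuccessfully\schanged*\n")
CHAT_WILDCARD = r"*New*Password* %n\n *new*Password* %n\n *changed*"
CHAT_BARE = r"New %n\n new %n\n *changed* \n"
CHAT_ACTIVE = r"*New* %n\n *new* %n\n *changed* \n"

# Constructed program output (assumed Solaris-style prompts, not captured).
PROMPTS = ["New Password: ", "Re-enter new Password: ",
           "passwd: password successfully changed for jsmith\n"]


def tokenize(chat):
    """Split on whitespace; double quotes keep spaces inside one token."""
    tokens, cur, in_quote, started = [], [], False, False
    for ch in chat:
        if ch == '"':
            in_quote, started = not in_quote, True
        elif ch.isspace() and not in_quote:
            if started:
                tokens.append("".join(cur))
            cur, started = [], False
        else:
            cur.append(ch)
            started = True
    if started:
        tokens.append("".join(cur))
    return tokens


def unescape(token, new_password):
    """Expand the \\n \\r \\t \\s escapes, then the %n macro."""
    out, i = [], 0
    while i < len(token):
        if token[i] == "\\" and i + 1 < len(token) and token[i + 1] in ESCAPES:
            out.append(ESCAPES[token[i + 1]])
            i += 2
        else:
            out.append(token[i])
            i += 1
    return "".join(out).replace("%n", new_password)


def parse_chat(chat):
    """Return [(expect, send), ...]; a trailing expect has send None."""
    toks = tokenize(chat)
    return [(toks[i], toks[i + 1] if i + 1 < len(toks) else None)
            for i in range(0, len(toks), 2)]


def run_chat(chat, program_output, new_password):
    """Walk the pairs against the program output, one chunk per expect.
    Returns (completed, strings_sent, index_of_failed_expect_or_None)."""
    sent, out = [], iter(program_output)
    for step, (expect, send) in enumerate(parse_chat(chat)):
        if expect != ".":
            pattern = unescape(expect, new_password).strip().lower()
            got = next(out, "").strip().lower()
            if not fnmatch.fnmatchcase(got, pattern):
                return False, sent, step
        if send not in (None, "."):
            sent.append(unescape(send, new_password))
    return True, sent, None
```

In this model the `\s`-escaped variant is a single expect token that embeds the new password, so no send string exists, while the space-separated wildcard variants reach the `*changed*` step.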


Re: [Samba] password sync Failed to open/create TDB passwd

2008-01-14 Thread Gaiseric Vandal
I have now tried the following
  -   Upgraded from samba 3.026a to 3.028
  -   Rebuilt  --with-pam and added pam password change = yes
(some posts indicated this helped)
  -   Added a root samba account and a member of Domain Admins (to
see if it was related to unix level file permissions.)
  -   Moved the test user unix  account out of nis and into the local
/etc/passwd.
  -   tried variations on the chat script.

#passwd chat = New %n\n new %n\n *changed* \n
 passwd chat =*New* %n\n *new* %n\n *changed* \n


Nothing has helped.

The log files do show:

[2008/01/14 09:15:17, 0] smbd/chgpasswd.c:chat_with_program(440)

  chat_with_program: Error: dochild() returned 0



Several of the posts on google referred to password sync working under
Samba 3.024 but then breaking when upgrading to Samba 3.027.

I have set the log level to 100 to try to catch any syntax error in
the chat script.  Currently my smb.conf file includes:

[global]
workgroup = MYDOMAIN
server string = mypdc
passdb backend = tdbsam
log file = /var/log/samba/%m.log
max log size = 50
domain logons = Yes
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap ssl = no
cups options = raw

passwd program =  /usr/bin/passwd %u
#passwd program =  /usr/bin/passwd -r nis  %u
#   passwd chat = *New*Password* %n\n *new*Password* %n\n *changed*
#   passwd chat = *New*Password* %n\n *Re-enter*new*Password* %n\n *changed*
#   passwd 
chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\spassword\ssuccessfully\schanged*\n
#passwd chat = New %n\n new %n\n *changed* \n
 passwd chat =*New* %n\n *new* %n\n *changed* \n
unix password sync = Yes
passwd chat debug = yes
passwd chat timeout = 10
log level = 100
pam password change = yes

dos charset = UTF8
unix charset = UTF8
display charset = UTF8


File perms include
# ls -l /usr/local/samba/private/passdb.tdb
-rw-rw   1 root sysadmin   49152 Jan 14 08:56 passdb.tdb

# ls -ld /usr/local/samba/var/locks
drwxrwxr-x   5 root sysadmin1024 Jan 14 11:20 /usr/local/samba/var/locks


# ls -ld /usr/local/samba/var/locks/*
total 972
-rw---   1 root root8192 Jan 14 11:02 account_policy.tdb
-rw-r--r--   1 root root   49152 Jan 14 10:41 brlock.tdb
-rw-r--r--   1 root sysadmin1440 Jan 14 11:20 browse.dat


Thanks





On 12 Jan 2008 13:43:00 +0100, Helmut Hullen [EMAIL PROTECTED] wrote:
 Hello, Gaiseric,

 You (gaiseric.vandal) wrote on 12.01.08:


tdb(unnamed): tdb_open_ex: could not open file
/usr/local/samba-3.0.26a/privat passdb.tdb: Permission denied

  The passdb file does exist-  and samba is running as root.  I have
  a separate unix/windows account for the Domain Admin.


  Does this mean I should be changing the locale?  Is this a samba or
  an OS setting?


 Which rights does the directory have, and which rights does the file have?

 Best regards!
 Helmut


Re: [Samba] password sync Failed to open/create TDB passwd

2008-01-12 Thread Gaiseric Vandal
Does this mean I should be changing the locale?  Is this a samba or an
OS setting?

Or should I just wait for the next version of Samba to fix this?

Thanks


On 1/10/08, Andriashyk Yuri [EMAIL PROTECTED] wrote:
  samba 2.026a-2.8 bug.
  Will set temporarily English locale.


 Gaiseric Vandal wrote:
  I am trying to enable unix password sync.  PDC is solaris 3.026a on Solaris 
  9.
 
  my smb.conf file includes:
 
  [global]
  workgroup = MYDOMAIN
  server string = myserver
  passdb backend = tdbsam
 
  passwd program =  /usr/bin/passwd %u
  passwd 
  chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
  password\ssuccessfully\schanged*\n
 
  unix password sync = Yes
  passwd chat debug = yes
  passwd chat timeout = 10
 
  dos charset = UTF8
  unix charset = UTF8
  display charset = UTF8
 
 
 
  Samba was compiled to /usr/local/samba-3.0.26a
 
  # ls -l /usr/local/samba-3.0.26a/private/passdb.tdb
  -rw---   1 root sysadmin   49152 Jan 10 08:05
  /usr/local/samba-3.0.26a/private/passdb.tdb
 
 
  Assuming password sync is disabled, password or account  changes with
  smbpasswd, pdbedit, User Manager for Domains work fine.   If I enable
  password sync, I can't change passwords as a user at a PC, or as an
  administrator with User Manager for Domains.  (I also can't use User
  Manager for Domains to change things like password never expires.)
 
  The samba log file of the Windows server with UsrMgr shows the following:
 
  [2008/01/10 10:50:14, 5] lib/username.c:Get_Pwnam_internals(108)
 
Get_Pwnam_internals did find user [jsmith]
  ...
  [2008/01/10 10:50:14, 2] lib/util_tdb.c:tdb_log(662)
 
    tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba-3.0.26a/private/passdb.tdb: Permission denied
 
  [2008/01/10 10:50:14, 0] passdb/pdb_tdb.c:tdbsam_open(829)
 
    tdbsam_open: Failed to open/create TDB passwd [/usr/local/samba-3.0.26a/private/passdb.tdb]
 
 
 
 
  The passdb file does exist-  and samba is running as root.  I have a
  separate unix/windows account for the Domain Admin.



Re: [Samba] password sync Failed to open/create TDB passwd

2008-01-12 Thread Helmut Hullen
Hello, Gaiseric,

You (gaiseric.vandal) wrote on 12.01.08:


   tdb(unnamed): tdb_open_ex: could not open file
   /usr/local/samba-3.0.26a/privat passdb.tdb: Permission denied

 The passdb file does exist-  and samba is running as root.  I have
 a separate unix/windows account for the Domain Admin.


 Does this mean I should be changing the locale?  Is this a samba or
 an OS setting?


Which rights does the directory have, and which rights does the file have?

Best regards!
Helmut


Re: [Samba] password sync Failed to open/create TDB passwd - some progress

2008-01-11 Thread Adam Williams
sounds like your passwd chat = line is wrong.  what OS are you using?  I 
can give you passwd chat for Fedora and CentOS


Gaiseric Vandal wrote:

I made a little progress.  It is partly a file permissions error.



If I change the permission of /usr/local/samba/private to 660.  Since
the unix Administrator (i.e. Windows Domain Administrator) is in the
sysadmin group, this gives it read-write permissions to this file.
Under windows, as the Domain Administrator, I can now change account
properties such as password never expires.  (These parameters are
apparently in the account_policy.tdb file, which Administrator can't
access anyway.)

I still can not change a user's password from Windows (with password
sync enabled.)  However now I get the following error:

The following error occurred changing the properties of the user x
Access is denied

Previously I got

   The following error occurred changing the properties of the user x
   A device attached to the system is not functioning
   A device attached to the system is not functioning


If I tail the log from the windows server as I try this.
 _samr_lookup_names: looking name on SID
S-the-side-of-the-administrator-account
...
  UNIX token of user 0

  Primary group is 0 and contains 0 supplementary groups

[2008/01/11 16:48:10, 5] smbd/uid.c:change_to_root_user(288)

  change_to_root_user: now uid=(0,0) gid=(0,0)



So it looks like Samba verifies that the Administrator account has the
right to read the password file but still makes changes as the root
account.

smbd is running as root.  There is no samba account for root.  I did
try adding Administrator to the root group to weed out any remaining
file permission issues.


Thanks







-- Forwarded message --
From: Gaiseric Vandal [EMAIL PROTECTED]
Date: Jan 10, 2008 11:27 AM
Subject: password sync Failed to open/create TDB passwd
To: Samba samba@lists.samba.org


I am trying to enable unix password sync.  PDC is solaris 3.026a on Solaris 9.

my smb.conf file includes:

[global]
workgroup = MYDOMAIN
server string = myserver
passdb backend = tdbsam

passwd program =  /usr/bin/passwd %u
passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
password\ssuccessfully\schanged*\n

unix password sync = Yes
passwd chat debug = yes
passwd chat timeout = 10

dos charset = UTF8
unix charset = UTF8
display charset = UTF8



Samba was compiled to /usr/local/samba-3.0.26a

# ls -l /usr/local/samba-3.0.26a/private/passdb.tdb
-rw---   1 root sysadmin   49152 Jan 10 08:05
/usr/local/samba-3.0.26a/private/passdb.tdb


Assuming password sync is disabled, password or account  changes with
smbpasswd, pdbedit, User Manager for Domains work fine.   If I enable
password sync, I can't change passwords as a user at a PC, or as an
administrator with User Manager for Domains.  (I also can't use User
Manager for Domains to change things like password never expires.)

The samba log file of the Windows server with UsrMgr shows the following:

[2008/01/10 10:50:14, 5] lib/username.c:Get_Pwnam_internals(108)

  Get_Pwnam_internals did find user [jsmith]
...
[2008/01/10 10:50:14, 2] lib/util_tdb.c:tdb_log(662)

  tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba-3.0.26a/private/passdb.tdb: Permission denied

[2008/01/10 10:50:14, 0] passdb/pdb_tdb.c:tdbsam_open(829)

  tdbsam_open: Failed to open/create TDB passwd [/usr/local/samba-3.0.26a/private/passdb.tdb]




The passdb file does exist-  and samba is running as root.  I have a
separate unix/windows account for the Domain Admin.
  




Re: [Samba] password sync Failed to open/create TDB passwd - some progress

2008-01-11 Thread Gaiseric Vandal
Solaris 9.

my smb.conf file includes the following

passwd program =  /usr/bin/passwd %u
#passwd program =  /usr/bin/passwd -r nis  %u
#   passwd chat = *New*Password* %n\n *new*Password* %n\n *changed*
#   passwd chat = *New*Password* %n\n *Re-enter*new*Password* %n\n *changed*
passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
password\ssuccessfully\schanged*\n



As you can see I tried a few variants.  User accounts are in NIS, but
you don't need to explicitly specify this.




On 1/11/08, Adam Williams [EMAIL PROTECTED] wrote:
 sounds like your passwd chat = line is wrong.  what OS are you using?  I
 can give you passwd chat for Fedora and CentOS

 Gaiseric Vandal wrote:
  I made a little progress.  It is partly a file permissions error.
 
 
 
  If I change the permission of /usr/local/samba/private to 660.  Since
  the unix Administrator (i.e. Windows Domain Administrator) is in the
  sysadmin group, this gives it read-write permissions to this file.
  Under windows, as the Domain Administrator, I can now change account
  properties such as password never expires.  (These parameters are
  apparently in the account_policy.tdb file, which Administrator can't
  access anyway.)

  I still can not change a user's password from Windows (with password
  sync enabled.)  However now I get the following error:

  The following error occurred changing the properties of the user x
  Access is denied

  Previously I got

     The following error occurred changing the properties of the user x
     A device attached to the system is not functioning
 
 
  If I tail the log from the windows server as I try this.
   _samr_lookup_names: looking name on SID
  S-the-side-of-the-administrator-account
  ...
UNIX token of user 0
 
Primary group is 0 and contains 0 supplementary groups
 
  [2008/01/11 16:48:10, 5] smbd/uid.c:change_to_root_user(288)
 
change_to_root_user: now uid=(0,0) gid=(0,0)
 
 
 
  So it looks like Samba verifies that the Administrator account has the
  right to read the password file but still makes changes as the root
  account.
 
  smbd is running as root.  There is no samba account for root.  I did
  try adding Administrator to the root group to weed out any remaining
  file permission issues.
 
 
  Thanks
 
 
 
 
 
 
 
  -- Forwarded message --
  From: Gaiseric Vandal [EMAIL PROTECTED]
  Date: Jan 10, 2008 11:27 AM
  Subject: password sync Failed to open/create TDB passwd
  To: Samba samba@lists.samba.org
 
 
  I am trying to enable unix password sync.  PDC is solaris 3.026a on Solaris 
  9.
 
  my smb.conf file includes:
 
  [global]
  workgroup = MYDOMAIN
  server string = myserver
  passdb backend = tdbsam
 
  passwd program =  /usr/bin/passwd %u
  passwd 
  chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
  password\ssuccessfully\schanged*\n
 
  unix password sync = Yes
  passwd chat debug = yes
  passwd chat timeout = 10
 
  dos charset = UTF8
  unix charset = UTF8
  display charset = UTF8
 
 
 
  Samba was compiled to /usr/local/samba-3.0.26a
 
  # ls -l /usr/local/samba-3.0.26a/private/passdb.tdb
  -rw---   1 root sysadmin   49152 Jan 10 08:05
  /usr/local/samba-3.0.26a/private/passdb.tdb
 
 
  Assuming password sync is disabled, password or account  changes with
  smbpasswd, pdbedit, User Manager for Domains work fine.   If I enable
  password sync, I can't change passwords as a user at a PC, or as an
  administrator with User Manager for Domains.  (I also can't use User
  Manager for Domains to change things like password never expires.)
 
  The samba log file of the Windows server with UsrMgr shows the following:
 
  [2008/01/10 10:50:14, 5] lib/username.c:Get_Pwnam_internals(108)
 
Get_Pwnam_internals did find user [jsmith]
  ...
  [2008/01/10 10:50:14, 2] lib/util_tdb.c:tdb_log(662)
 
    tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba-3.0.26a/private/passdb.tdb: Permission denied
 
  [2008/01/10 10:50:14, 0] passdb/pdb_tdb.c:tdbsam_open(829)
 
    tdbsam_open: Failed to open/create TDB passwd [/usr/local/samba-3.0.26a/private/passdb.tdb]
 
 
 
 
  The passdb file does exist-  and samba is running as root.  I have a
  separate unix/windows account for the Domain Admin.
 




Re: [Samba] password sync Failed to open/create TDB passwd - some progress

2008-01-11 Thread Adam Williams
have you seen this message?  
http://www.webservertalk.com/archive217-2007-12-2249011.html


also, googling for solaris 9 passwd chat gets a lot of hits.  i'd 
upgrade to samba-3.0.28a and then start plugging in other people's 
passwd chats for solaris 9 until you find one that works.



Gaiseric Vandal wrote:

Solaris 9.

my smb.conf file includes the following

passwd program =  /usr/bin/passwd %u
#passwd program =  /usr/bin/passwd -r nis  %u
#   passwd chat = *New*Password* %n\n *new*Password* %n\n *changed*
#   passwd chat = *New*Password* %n\n *Re-enter*new*Password* %n\n *changed*
passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
password\ssuccessfully\schanged*\n



As you can see I tried a few variants.  User accounts are in NIS, but
you don't need to explicitly specify this.




On 1/11/08, Adam Williams [EMAIL PROTECTED] wrote:
  

sounds like your passwd chat = line is wrong.  what OS are you using?  I
can give you passwd chat for Fedora and CentOS

Gaiseric Vandal wrote:


I made a little progress.  It is partly a file permissions error.



If I change the permission of /usr/local/samba/private to 660.  Since
the unix Administrator (i.e. Windows Domain Administrator) is in the
sysadmin group, this gives it read-write permissions to this file.
Under windows, as the Domain Administrator, I can now change account
properties such as password never expires.  (These parameters are
apparently in the account_policy.tdb file, which Administrator can't
access anyway.)

I still can not change a user's password from Windows (with password
sync enabled.)  However now I get the following error:

The following error occurred changing the properties of the user x
Access is denied

Previously I got

   The following error occurred changing the properties of the user x
   A device attached to the system is not functioning


If I tail the log from the windows server as I try this.
 _samr_lookup_names: looking name on SID
S-the-side-of-the-administrator-account
...
  UNIX token of user 0

  Primary group is 0 and contains 0 supplementary groups

[2008/01/11 16:48:10, 5] smbd/uid.c:change_to_root_user(288)

  change_to_root_user: now uid=(0,0) gid=(0,0)



So it looks like Samba verifies that the Administrator account has the
right to read the password file but still makes changes as the root
account.

smbd is running as root.  There is no samba account for root.  I did
try adding Administrator to the root group to weed out any remaining
file permission issues.


Thanks







-- Forwarded message --
From: Gaiseric Vandal [EMAIL PROTECTED]
Date: Jan 10, 2008 11:27 AM
Subject: password sync Failed to open/create TDB passwd
To: Samba samba@lists.samba.org


I am trying to enable unix password sync.  PDC is solaris 3.026a on Solaris 9.

my smb.conf file includes:

[global]
workgroup = MYDOMAIN
server string = myserver
passdb backend = tdbsam

passwd program =  /usr/bin/passwd %u
passwd chat=*New\sPassword:\s%n\nRe-enter\snew\sPassword:\s%n\npasswd:\s
password\ssuccessfully\schanged*\n

unix password sync = Yes
passwd chat debug = yes
passwd chat timeout = 10

dos charset = UTF8
unix charset = UTF8
display charset = UTF8



Samba was compiled to /usr/local/samba-3.0.26a

# ls -l /usr/local/samba-3.0.26a/private/passdb.tdb
-rw---   1 root sysadmin   49152 Jan 10 08:05
/usr/local/samba-3.0.26a/private/passdb.tdb


Assuming password sync is disabled, password or account  changes with
smbpasswd, pdbedit, User Manager for Domains work fine.   If I enable
password sync, I can't change passwords as a user at a PC, or as an
administrator with User Manager for Domains.  (I also can't use User
Manager for Domains to change things like password never expires.)

The samba log file of the Windows server with UsrMgr shows the following:

[2008/01/10 10:50:14, 5] lib/username.c:Get_Pwnam_internals(108)

  Get_Pwnam_internals did find user [jsmith]
...
[2008/01/10 10:50:14, 2] lib/util_tdb.c:tdb_log(662)

  tdb(unnamed): tdb_open_ex: could not open file /usr/local/samba-3.0.26a/private/passdb.tdb: Permission denied

[2008/01/10 10:50:14, 0] passdb/pdb_tdb.c:tdbsam_open(829)

  tdbsam_open: Failed to open/create TDB passwd [/usr/local/samba-3.0.26a/private/passdb.tdb]




The passdb file does exist-  and samba is running as root.  I have a
separate unix/windows account for the Domain Admin.

  


