Trying to delete user root from /etc/passdb.tdb with smbpasswd fails (no PDC, no winbind).

test # smbd -V
Version 4.1.2-for-eisfair-1-patch-1
test # grep ^root /etc/passwd
root:x:0:0:root:/root:/bin/bash
test # pdbedit -Lw root
root:0:C2265B23734E0DACAAD3B435B51404EE:69943C5E63B4D2C104DBBCC15138B72B:[U ]:LCT-52AEF04A:
test # smbpasswd -D 10 -x root
INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 params.c:pm_process() - Processing configuration file "/etc/smb.conf" Processing section "[global]" doing parameter dos charset = CP850 doing parameter unix charset = UTF-8 doing parameter workgroup = TOMMAIK doing parameter serverstring = doing parameter interfaces = 127.0.0.1/8 192.168.0.8/255.255.255.0 doing parameter bind interfaces only = yes doing parameter security = user doing parameter password server = doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *New*Password:* %n\n *Reenter*New*Password:* %n\n *Password*changed* doing parameter username map = /etc/user.map doing parameter username level = 2 doing parameter unix password sync = yes doing parameter debug level = 0 doing parameter max log size = 10000 doing parameter nameresolveorder = lmhosts host wins bcast doing parameter time server = yes doing parameter deadtime = 60 doing parameter printing = lprng doing parameter printcap name = /etc/printcap doing
parameter printcap cache time = 0 doing parameter load printers = no doing parameter mangling method = hash2 doing parameter domain logons = no doing parameter add user script = /usr/sbin/useradd -m '%u' -c '%u' doing parameter add machine script = doing parameter delete user script = doing parameter add group script = /var/install/bin/add-group '%g' doing parameter delete group script = /var/install/bin/remove-group '%g' doing parameter add user to group script = /usr/sbin/usermod -G '%g' '%u' doing parameter delete user from group script = /usr/sbin/userdel '%g' '%u' doing parameter set primary group script = /var/install/bin/modify-user -g '%u' '%g' doing parameter os level = 0 doing parameter preferred master = no doing parameter local master = no doing parameter domain master = no doing parameter wins support = no doing parameter wins hook = doing parameter wins server = doing parameter wins proxy = no doing parameter kernel oplocks = no doing parameter utmp = yes doing parameter message command = /var/install/bin/samba-netbios-mail '%f' '%s' doing parameter admin users = root doing parameter hosts allow = 127.0.0. 
192.168.0.0/255.255.255.0 doing parameter dos filetime resolution = yes doing parameter use sendfile = yes doing parameter unix extensions = no doing parameter wide links = yes doing parameter enable core files = no doing parameter max mux = 10000 doing parameter dos filemode = yes doing parameter acl group control = yes doing parameter force unknown acl user = yes doing parameter inherit acls = yes doing parameter map acl inherit = yes doing parameter map hidden = no doing parameter map system = no doing parameter map archive = no doing parameter map read only = no doing parameter store dos attributes = yes doing parameter ea support = yes doing parameter oplocks = no doing parameter level2 oplocks = no doing parameter blocking locks = no doing parameter hide files = /desktop.ini/Thumbs.db/ doing parameter dos filemode = yes doing parameter passdb backend = tdbsam doing parameter lanman auth = yes doing parameter client lanman auth = yes doing parameter client plaintext auth = yes doing parameter client ntlmv2 auth = no doing parameter max protocol = SMB3 doing parameter min receivefile size = 16384 doing parameter aio read size = 16384 doing parameter aio write size = 16384 doing parameter client max protocol = SMB3 doing parameter acl allow execute always = yes doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE pm_process() returned Yes lp_servicenumber: couldn't find homes Netbios name list:- my_netbios_names[0]="TEST" Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend wbc_sam Successfully added passdb backend 'wbc_sam' Attempting to find a passdb backend to match tdbsam (tdbsam) Found pdb backend tdbsam pdb backend tdbsam has a valid init tdbsam_open: successfully opened /etc/passdb.tdb pdb_set_username: setting username root, was pdb_set_domain: setting domain TEST, was 
pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name root, was Home server: test pdb_set_homedir: setting home dir \\test\root, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: test pdb_set_profile_path: setting profile path \\test\root\profile, was pdb_set_workstations: setting workstations , was account_policy_get: name: password history, val: 0 pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003 from rid 1003 account_policy_get: name: maximum password age, val: -1 Finding user root Trying _Get_Pwnam(), username as lowercase is root Get_Pwnam_internals did find user [root]! Opening cache file at /var/lock/samba/gencache.tdb Opening cache file at /var/lock/samba/gencache_notrans.tdb gid_to_sid: winbind failed to find a sid for gid 0 LEGACY: gid 0 -> sid S-1-22-2-0 Forcing Primary Group to 'Domain Users' for root account_policy_get: name: password history, val: 0 pdb_set_username: setting username root, was pdb_set_domain: setting domain TEST, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name root, was Home server: test pdb_set_homedir: setting home dir \\test\root, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: test pdb_set_profile_path: setting profile path \\test\root\profile, was pdb_set_workstations: setting workstations , was account_policy_get: name: password history, val: 0 pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003 from rid 1003 pdb_set_group_sid: setting group sid S-1-5-21-4093749324-3310999274-4195910024-513 winbind failed to find a uid for sid S-1-5-21-4093749324-3310999274-4195910024-1003 
lookup_global_sam_rid: looking up RID 1003. pdb_set_username: setting username root, was pdb_set_domain: setting domain TEST, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name root, was Home server: test pdb_set_homedir: setting home dir \\test\root, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: test pdb_set_profile_path: setting profile path \\test\root\profile, was pdb_set_workstations: setting workstations , was account_policy_get: name: password history, val: 0 pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003 from rid 1003 Finding user root Trying _Get_Pwnam(), username as lowercase is root Get_Pwnam_internals did find user [root]!
Failed to delete entry for user root.

I _can_ delete normal users with smbpasswd:
-------------------------------------------
test # smbpasswd -D 10 -x tb
INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 params.c:pm_process() - Processing configuration file "/etc/smb.conf" Processing section "[global]" doing parameter dos charset = CP850 doing parameter unix charset = UTF-8 doing parameter workgroup = TOMMAIK doing parameter serverstring = doing parameter interfaces = 127.0.0.1/8
192.168.0.8/255.255.255.0 doing parameter bind interfaces only = yes doing parameter security = user doing parameter password server = doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *New*Password:* %n\n *Reenter*New*Password:* %n\n *Password*changed* doing parameter username map = /etc/user.map doing parameter username level = 2 doing parameter unix password sync = yes doing parameter debug level = 0 doing parameter max log size = 10000 doing parameter nameresolveorder = lmhosts host wins bcast doing parameter time server = yes doing parameter deadtime = 60 doing parameter printing = lprng doing parameter printcap name = /etc/printcap doing parameter printcap cache time = 0 doing parameter load printers = no doing parameter mangling method = hash2 doing parameter domain logons = no doing parameter add user script = /usr/sbin/useradd -m '%u' -c '%u' doing parameter add machine script = doing parameter delete user script = doing parameter add group script = /var/install/bin/add-group '%g' doing parameter delete group script = /var/install/bin/remove-group '%g' doing parameter add user to group script = /usr/sbin/usermod -G '%g' '%u' doing parameter delete user from group script = /usr/sbin/userdel '%g' '%u' doing parameter set primary group script = /var/install/bin/modify-user -g '%u' '%g' doing parameter os level = 0 doing parameter preferred master = no doing parameter local master = no doing parameter domain master = no doing parameter wins support = no doing parameter wins hook = doing parameter wins server = doing parameter wins proxy = no doing parameter kernel oplocks = no doing parameter utmp = yes doing parameter message command = /var/install/bin/samba-netbios-mail '%f' '%s' doing parameter admin users = root doing parameter hosts allow = 127.0.0. 
192.168.0.0/255.255.255.0 doing parameter dos filetime resolution = yes doing parameter use sendfile = yes doing parameter unix extensions = no doing parameter wide links = yes doing parameter enable core files = no doing parameter max mux = 10000 doing parameter dos filemode = yes doing parameter acl group control = yes doing parameter force unknown acl user = yes doing parameter inherit acls = yes doing parameter map acl inherit = yes doing parameter map hidden = no doing parameter map system = no doing parameter map archive = no doing parameter map read only = no doing parameter store dos attributes = yes doing parameter ea support = yes doing parameter oplocks = no doing parameter level2 oplocks = no doing parameter blocking locks = no doing parameter hide files = /desktop.ini/Thumbs.db/ doing parameter dos filemode = yes doing parameter passdb backend = tdbsam doing parameter lanman auth = yes doing parameter client lanman auth = yes doing parameter client plaintext auth = yes doing parameter client ntlmv2 auth = no doing parameter max protocol = SMB3 doing parameter min receivefile size = 16384 doing parameter aio read size = 16384 doing parameter aio write size = 16384 doing parameter client max protocol = SMB3 doing parameter acl allow execute always = yes doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE pm_process() returned Yes lp_servicenumber: couldn't find homes Netbios name list:- my_netbios_names[0]="TEST" Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend wbc_sam Successfully added passdb backend 'wbc_sam' Attempting to find a passdb backend to match tdbsam (tdbsam) Found pdb backend tdbsam pdb backend tdbsam has a valid init tdbsam_open: successfully opened /etc/passdb.tdb pdb_set_username: setting username tb, was pdb_set_domain: setting domain TEST, was 
pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name tb, was Home server: test pdb_set_homedir: setting home dir \\test\tb, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: test pdb_set_profile_path: setting profile path \\test\tb\profile, was pdb_set_workstations: setting workstations , was account_policy_get: name: password history, val: 0 pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1004 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1004 from rid 1004 account_policy_get: name: maximum password age, val: -1 Finding user tb Trying _Get_Pwnam(), username as lowercase is tb Get_Pwnam_internals did find user [tb]! Opening cache file at /var/lock/samba/gencache.tdb Opening cache file at /var/lock/samba/gencache_notrans.tdb gid_to_sid: winbind failed to find a sid for gid 100 LEGACY: gid 100 -> sid S-1-22-2-100 Forcing Primary Group to 'Domain Users' for tb account_policy_get: name: password history, val: 0 pdb_set_username: setting username tb, was pdb_set_domain: setting domain TEST, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name tb, was Home server: test pdb_set_homedir: setting home dir \\test\tb, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: test pdb_set_profile_path: setting profile path \\test\tb\profile, was pdb_set_workstations: setting workstations , was account_policy_get: name: password history, val: 0 pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1004 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1004 from rid 1004 pdb_set_group_sid: setting group sid S-1-5-21-4093749324-3310999274-4195910024-513 winbind failed to find a uid for sid S-1-5-21-4093749324-3310999274-4195910024-1004 lookup_global_sam_rid: looking up 
RID 1004. pdb_set_username: setting username tb, was pdb_set_domain: setting domain TEST, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name tb, was Home server: test pdb_set_homedir: setting home dir \\test\tb, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: test pdb_set_profile_path: setting profile path \\test\tb\profile, was pdb_set_workstations: setting workstations , was account_policy_get: name: password history, val: 0 pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1004 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1004 from rid 1004 Finding user tb Trying _Get_Pwnam(), username as lowercase is tb Get_Pwnam_internals did find user [tb]! check lock order 1 for /etc/passdb.tdb lock order: 1:/etc/passdb.tdb 2:<none> 3:<none> Locking key 555345525F746200 Allocated locked data 0x0xb77c81b8 Unlocking key 555345525F746200 release lock order 1 for /etc/passdb.tdb lock order: 1:<none> 2:<none> 3:<none> check lock order 1 for /etc/passdb.tdb lock order: 1:/etc/passdb.tdb 2:<none> 3:<none> Locking key 5249445F303030303033 Allocated locked data 0x0xb77c85b0 Unlocking key 5249445F303030303033 release lock order 1 for /etc/passdb.tdb lock order: 1:<none> 2:<none> 3:<none> Registering messaging pointer for type 2 - private_data=(nil) Registering messaging pointer for type 9 - private_data=(nil) Registered MSG_REQ_POOL_USAGE Registering messaging pointer for type 11 - private_data=(nil) Registering messaging pointer for type 12 - private_data=(nil) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Registering messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 5 - private_data=(nil) messaging_tdb_store: array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : ID_CACHE_DELETE 
(15) dest: struct server_id pid : 0x000000000000099b (2459) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x87067c7443d60582 (-8717143189932866174) src: struct server_id pid : 0x00000000000009cf (2511) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x0000000000000000 (0) buf : DATA_BLOB length=8 [0000] 55 53 45 52 20 74 62 00 USER tb. messaging_tdb_store: array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : ID_CACHE_DELETE (15) dest: struct server_id pid : 0x0000000000000999 (2457) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x0000000000000000 (0) src: struct server_id pid : 0x00000000000009cf (2511) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x0000000000000000 (0) buf : DATA_BLOB length=8 [0000] 55 53 45 52 20 74 62 00 USER tb. messaging_tdb_store: array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : ID_CACHE_DELETE (15) dest: struct server_id pid : 0x000000000000099e (2462) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x87067c7443d60582 (-8717143189932866174) src: struct server_id pid : 0x00000000000009cf (2511) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0x0000000000000000 (0) buf : DATA_BLOB length=8 [0000] 55 53 45 52 20 74 62 00 USER tb. Deleted user tb. 
Deleting root with pdbedit is possible:
---------------------------------------
test # pdbedit -d 10 -x root
INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 params.c:pm_process() - Processing configuration file "/etc/smb.conf" Processing section "[global]" doing parameter dos charset = CP850 doing parameter unix charset = UTF-8 doing parameter workgroup = TOMMAIK doing parameter serverstring = doing parameter interfaces = 127.0.0.1/8 192.168.0.8/255.255.255.0 doing parameter bind interfaces only = yes doing parameter security = user doing parameter password server = doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *New*Password:* %n\n *Reenter*New*Password:* %n\n *Password*changed* doing parameter username map = /etc/user.map doing parameter username level = 2 doing parameter unix password sync = yes doing parameter debug level = 0 doing parameter max log size = 10000 doing parameter nameresolveorder = lmhosts host wins bcast doing parameter time server = yes doing parameter deadtime = 60 doing parameter printing = lprng doing parameter printcap name = /etc/printcap doing parameter printcap cache time = 0 doing parameter load printers = no doing parameter mangling method = hash2 doing parameter domain logons = no doing parameter add user script = /usr/sbin/useradd -m '%u' -c '%u' doing parameter add machine script
= doing parameter delete user script = doing parameter add group script = /var/install/bin/add-group '%g' doing parameter delete group script = /var/install/bin/remove-group '%g' doing parameter add user to group script = /usr/sbin/usermod -G '%g' '%u' doing parameter delete user from group script = /usr/sbin/userdel '%g' '%u' doing parameter set primary group script = /var/install/bin/modify-user -g '%u' '%g' doing parameter os level = 0 doing parameter preferred master = no doing parameter local master = no doing parameter domain master = no doing parameter wins support = no doing parameter wins hook = doing parameter wins server = doing parameter wins proxy = no doing parameter kernel oplocks = no doing parameter utmp = yes doing parameter message command = /var/install/bin/samba-netbios-mail '%f' '%s' doing parameter admin users = root doing parameter hosts allow = 127.0.0. 192.168.0.0/255.255.255.0 doing parameter dos filetime resolution = yes doing parameter use sendfile = yes doing parameter unix extensions = no doing parameter wide links = yes doing parameter enable core files = no doing parameter max mux = 10000 doing parameter dos filemode = yes doing parameter acl group control = yes doing parameter force unknown acl user = yes doing parameter inherit acls = yes doing parameter map acl inherit = yes doing parameter map hidden = no doing parameter map system = no doing parameter map archive = no doing parameter map read only = no doing parameter store dos attributes = yes doing parameter ea support = yes doing parameter oplocks = no doing parameter level2 oplocks = no doing parameter blocking locks = no doing parameter hide files = /desktop.ini/Thumbs.db/ doing parameter dos filemode = yes doing parameter passdb backend = tdbsam doing parameter lanman auth = yes doing parameter client lanman auth = yes doing parameter client plaintext auth = yes doing parameter client ntlmv2 auth = no doing parameter max protocol = SMB3 doing parameter min receivefile 
size = 16384 doing parameter aio read size = 16384 doing parameter aio write size = 16384 doing parameter client max protocol = SMB3 doing parameter acl allow execute always = yes doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE pm_process() returned Yes lp_servicenumber: couldn't find homes Netbios name list:- my_netbios_names[0]="TEST" Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend wbc_sam Successfully added passdb backend 'wbc_sam' Attempting to find a passdb backend to match tdbsam (tdbsam) Found pdb backend tdbsam pdb backend tdbsam has a valid init tdbsam_open: successfully opened /etc/passdb.tdb pdb_set_username: setting username root, was pdb_set_domain: setting domain TEST, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name root, was Home server: test pdb_set_homedir: setting home dir \\test\root, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: test pdb_set_profile_path: setting profile path \\test\root\profile, was pdb_set_workstations: setting workstations , was account_policy_get: name: password history, val: 0 pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003 from rid 1003 account_policy_get: name: maximum password age, val: -1 Finding user root Trying _Get_Pwnam(), username as lowercase is root Get_Pwnam_internals did find user [root]! 
Opening cache file at /var/lock/samba/gencache.tdb Opening cache file at /var/lock/samba/gencache_notrans.tdb gid_to_sid: winbind failed to find a sid for gid 0 LEGACY: gid 0 -> sid S-1-22-2-0 Forcing Primary Group to 'Domain Users' for root account_policy_get: name: password history, val: 0 pdb_set_username: setting username root, was pdb_set_domain: setting domain TEST, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name root, was Home server: test pdb_set_homedir: setting home dir \\test\root, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: test pdb_set_profile_path: setting profile path \\test\root\profile, was pdb_set_workstations: setting workstations , was account_policy_get: name: password history, val: 0 pdb_set_user_sid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4093749324-3310999274-4195910024-1003 from rid 1003 pdb_set_group_sid: setting group sid S-1-5-21-4093749324-3310999274-4195910024-513 check lock order 1 for /etc/passdb.tdb lock order: 1:/etc/passdb.tdb 2:<none> 3:<none> Locking key 555345525F726F6F7400 Allocated locked data 0x0xb774e278 Unlocking key 555345525F726F6F7400 release lock order 1 for /etc/passdb.tdb lock order: 1:<none> 2:<none> 3:<none> check lock order 1 for /etc/passdb.tdb lock order: 1:/etc/passdb.tdb 2:<none> 3:<none> Locking key 5249445F303030303033 Allocated locked data 0x0xb774d520 Unlocking key 5249445F303030303033 release lock order 1 for /etc/passdb.tdb lock order: 1:<none> 2:<none> 3:<none>
test # pdbedit -Lw root
Username not found!

This is a regression to old samba versions. We are using scripts to add and delete samba users via smbpasswd.

See also the same bug report for Samba 3.6.x: https://bugzilla.samba.org/show_bug.cgi?id=9981

der tom
Also occurring with 4.1.5 and 4.1.6.
It's deliberate... We have:

NTSTATUS pdb_delete_user(TALLOC_CTX *mem_ctx, struct samu *sam_acct)
{
	struct pdb_methods *pdb = pdb_get_methods();
	uid_t uid = -1;
	NTSTATUS status;
	const struct dom_sid *user_sid;
	char *msg_data;

	user_sid = pdb_get_user_sid(sam_acct);

	/* sanity check to make sure we don't delete root */

	if ( !sid_to_uid(user_sid, &uid ) ) {
		return NT_STATUS_NO_SUCH_USER;
	}

	if ( uid == 0 ) {
		return NT_STATUS_ACCESS_DENIED;
	}

Now for a git-blame to see why this was added (and why pdbedit gets around it :-).
Ok, pdbedit uses pdb_delete_sam_account(). smbpasswd uses pdb_delete_user(). What's the difference and why? :-).
Oh, I get it. pdb_delete_user() can shell out to the UNIX side to delete the *actual* user. We really don't want to do that for root :-). But the check is in the wrong place. Fix to follow.
Created attachment 9789
Test patch.

Ok, so here is a test patch. It moves the "don't delete root" check from pdb_delete_user() to pdb_default_delete_user().

I think this is the right way to fix this, but please test first and let me know :-).

Cheers,

Jeremy.
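The guard-placement problem discussed in the comments above, as an added example that is not part of the original thread and is not Samba source: a simplified C model in which the uid 0 check either blocks the whole deletion or protects only the step that would remove the UNIX account. All type and function names are hypothetical, the "delete user script" is a stand-in that only records the call, and placing the guard directly in front of that call is an assumption about how the moved check behaves.

```c
/* Added illustration: simplified model, not Samba code. All names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum status { ST_OK, ST_NO_SUCH_USER, ST_ACCESS_DENIED };

struct account {
    const char *name;
    uid_t uid;
    int in_passdb;      /* 1 while the entry exists in the password database */
};

/* Constructed sample database holding the two accounts used in the report. */
static struct account db[] = {
    { "root", 0,    1 },
    { "tb",   1000, 1 },
};
#define DB_LEN (sizeof db / sizeof db[0])

static int script_runs;         /* how often the delete-script stand-in ran */

static struct account *find(const char *name)
{
    for (size_t i = 0; i < DB_LEN; i++)
        if (db[i].in_passdb && strcmp(db[i].name, name) == 0)
            return &db[i];
    return NULL;
}

/* Stand-in for shelling out to delete the UNIX account: records, never executes. */
static void run_delete_script(const char *name)
{
    (void)name;
    script_runs++;
}

/* Removes only the password-database entry, the harmless half of the operation. */
static enum status delete_sam_entry(struct account *a)
{
    a->in_passdb = 0;
    return ST_OK;
}

/* Before: the uid 0 check sits at the generic entry point, so it also
 * blocks the harmless removal of root's password-database entry. */
enum status delete_user_guard_first(const char *name)
{
    struct account *a = find(name);
    if (a == NULL)
        return ST_NO_SUCH_USER;
    if (a->uid == 0)
        return ST_ACCESS_DENIED;
    enum status st = delete_sam_entry(a);
    if (st == ST_OK)
        run_delete_script(a->name);
    return st;
}

/* After (assumed placement): the entry is always removable, and the guard
 * protects only the side effect that must never happen for uid 0. */
enum status delete_user_guard_script(const char *name)
{
    struct account *a = find(name);
    if (a == NULL)
        return ST_NO_SUCH_USER;
    enum status st = delete_sam_entry(a);
    if (st != ST_OK)
        return st;
    if (a->uid != 0)
        run_delete_script(a->name);
    return ST_OK;
}

/* Helpers for inspecting the model. */
void reset_model(void)
{
    for (size_t i = 0; i < DB_LEN; i++)
        db[i].in_passdb = 1;
    script_runs = 0;
}
int in_passdb(const char *name) { return find(name) != NULL; }
int script_run_count(void) { return script_runs; }

int main(void)
{
    reset_model();
    printf("guard first : root -> %d, entry present: %d\n",
           delete_user_guard_first("root"), in_passdb("root"));
    reset_model();
    printf("guard script: root -> %d, entry present: %d, script runs: %d\n",
           delete_user_guard_script("root"), in_passdb("root"),
           script_run_count());
    return 0;
}
```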
On 19.03.2014 01:03, samba-bugs@samba.org wrote:
> Ok, so here is a test patch. It moves the "don't delete root" check from
> pdb_delete_user() to pdb_default_delete_user().
>
> I think this is the right way to fix this, but please test first and let me
> know :-).

Looks good:

samba # smbd -V
Version 4.1.6-for-eisfair-1-patch-2
samba # grep ^root /etc/passwd
root:x:0:0:root:/root:/bin/bash
samba # pdbedit -Lw root
root:0:C2265B23734E0DACAAD3B435B51404EE:69943C5E63B4D2C104DBBCC15138B72B:[U ]:LCT-53178DB3:
samba # smbpasswd -D 10 -x root
INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 params.c:pm_process() - Processing configuration file "/etc/smb.conf" Processing section "[global]" doing parameter dos charset = CP850 doing parameter unix charset = UTF-8 doing parameter workgroup = TOMMAIK doing parameter serverstring = doing parameter interfaces = 127.0.0.1/8 192.168.0.33/255.255.255.0 doing parameter bind interfaces only = yes doing parameter security = user doing parameter password server = doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *New*Password:* %n\n *Reenter*New*Password:* %n\n *Password*changed* doing parameter username map = /etc/user.map doing parameter username level = 2 doing parameter unix password sync = yes doing parameter debug level = 0 doing parameter max log size = 10000 doing parameter
nameresolveorder = lmhosts host wins bcast doing parameter time server = yes doing parameter deadtime = 60 doing parameter printing = lprng doing parameter printcap name = /etc/printcap doing parameter printcap cache time = 0 doing parameter load printers = no doing parameter mangling method = hash2 doing parameter domain logons = no doing parameter add user script = /usr/sbin/useradd -m '%u' -c '%u' doing parameter add machine script = doing parameter delete user script = doing parameter add group script = /var/install/bin/add-group '%g' doing parameter delete group script = /var/install/bin/remove-group '%g' doing parameter add user to group script = /usr/sbin/usermod -G '%g' '%u' doing parameter delete user from group script = /usr/sbin/userdel '%g' '%u' doing parameter set primary group script = /var/install/bin/modify-user -g '%u' '%g' doing parameter os level = 0 doing parameter preferred master = no doing parameter local master = no doing parameter domain master = no doing parameter wins support = no doing parameter wins hook = doing parameter wins server = doing parameter wins proxy = no doing parameter kernel oplocks = no doing parameter utmp = yes doing parameter message command = /var/install/bin/samba-netbios-mail '%f' '%s' doing parameter admin users = root doing parameter hosts allow = 127.0.0. 
192.168.0.0/255.255.255.0
doing parameter dos filetime resolution = yes
doing parameter use sendfile = yes
doing parameter unix extensions = no
doing parameter wide links = yes
doing parameter enable core files = no
doing parameter max mux = 10000
doing parameter dos filemode = yes
doing parameter acl group control = yes
doing parameter force unknown acl user = yes
doing parameter inherit acls = yes
doing parameter map acl inherit = yes
doing parameter map hidden = no
doing parameter map system = no
doing parameter map archive = no
doing parameter map read only = no
doing parameter store dos attributes = yes
doing parameter ea support = yes
doing parameter oplocks = no
doing parameter level2 oplocks = no
doing parameter blocking locks = no
doing parameter hide files = /desktop.ini/Thumbs.db/
doing parameter dos filemode = yes
doing parameter passdb backend = tdbsam
doing parameter lanman auth = yes
doing parameter client lanman auth = yes
doing parameter client plaintext auth = yes
doing parameter client ntlmv2 auth = no
doing parameter max protocol = SMB3
doing parameter min receivefile size = 16384
doing parameter aio read size = 16384
doing parameter aio write size = 16384
doing parameter client max protocol = SMB3
doing parameter acl allow execute always = yes
doing parameter print notify backchannel = no
doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="SAMBA"
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend wbc_sam
Successfully added passdb backend 'wbc_sam'
Attempting to find a passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
tdbsam_open: successfully opened /etc/passdb.tdb
pdb_set_username: setting username root, was
pdb_set_domain: setting domain SAMBA, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name root, was
Home server: samba
pdb_set_homedir: setting home dir \\samba\root, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: samba
pdb_set_profile_path: setting profile path \\samba\root\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-4119069296-3092739579-1781507130-1000
pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4119069296-3092739579-1781507130-1000 from rid 1000
account_policy_get: name: maximum password age, val: -1
Finding user root
Trying _Get_Pwnam(), username as lowercase is root
Get_Pwnam_internals did find user [root]!
Opening cache file at /var/lock/samba/gencache.tdb
Opening cache file at /var/lock/samba/gencache_notrans.tdb
gid_to_sid: winbind failed to find a sid for gid 0
LEGACY: gid 0 -> sid S-1-22-2-0
Forcing Primary Group to 'Domain Users' for root
account_policy_get: name: password history, val: 0
pdb_set_username: setting username root, was
pdb_set_domain: setting domain SAMBA, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name root, was
Home server: samba
pdb_set_homedir: setting home dir \\samba\root, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: samba
pdb_set_profile_path: setting profile path \\samba\root\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-4119069296-3092739579-1781507130-1000
pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4119069296-3092739579-1781507130-1000 from rid 1000
pdb_set_group_sid: setting group sid S-1-5-21-4119069296-3092739579-1781507130-513
winbind failed to find a uid for sid S-1-5-21-4119069296-3092739579-1781507130-1000
lookup_global_sam_rid: looking up RID 1000.
pdb_set_username: setting username root, was
pdb_set_domain: setting domain SAMBA, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name root, was
Home server: samba
pdb_set_homedir: setting home dir \\samba\root, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: samba
pdb_set_profile_path: setting profile path \\samba\root\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-4119069296-3092739579-1781507130-1000
pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4119069296-3092739579-1781507130-1000 from rid 1000
Finding user root
Trying _Get_Pwnam(), username as lowercase is root
Get_Pwnam_internals did find user [root]!
check lock order 1 for /etc/passdb.tdb
lock order: 1:/etc/passdb.tdb 2:<none> 3:<none>
Locking key 555345525F726F6F7400
Allocated locked data 0x0xb77b81d0
Unlocking key 555345525F726F6F7400
release lock order 1 for /etc/passdb.tdb
lock order: 1:<none> 2:<none> 3:<none>
check lock order 1 for /etc/passdb.tdb
lock order: 1:/etc/passdb.tdb 2:<none> 3:<none>
Locking key 5249445F303030303033
Allocated locked data 0x0xb77b7ff8
Unlocking key 5249445F303030303033
release lock order 1 for /etc/passdb.tdb
lock order: 1:<none> 2:<none> 3:<none>
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
messaging_tdb_store:
  array: struct messaging_array
    num_messages : 0x00000001 (1)
    messages: ARRAY(1)
      messages: struct messaging_rec
        msg_version : 0x00000002 (2)
        msg_type : ID_CACHE_DELETE (15)
        dest: struct server_id
          pid : 0x000000000000163e (5694)
          task_id : 0x00000000 (0)
          vnn : 0xffffffff (4294967295)
          unique_id : 0x0000000000000000 (0)
        src: struct server_id
          pid : 0x0000000000001886 (6278)
          task_id : 0x00000000 (0)
          vnn : 0xffffffff (4294967295)
          unique_id : 0x0000000000000000 (0)
        buf : DATA_BLOB length=10
[0000] 55 53 45 52 20 72 6F 6F 74 00 USER roo t.
messaging_tdb_store:
  array: struct messaging_array
    num_messages : 0x00000001 (1)
    messages: ARRAY(1)
      messages: struct messaging_rec
        msg_version : 0x00000002 (2)
        msg_type : ID_CACHE_DELETE (15)
        dest: struct server_id
          pid : 0x0000000000001640 (5696)
          task_id : 0x00000000 (0)
          vnn : 0xffffffff (4294967295)
          unique_id : 0x2bfc0d5878a1bb00 (3169422911394134784)
        src: struct server_id
          pid : 0x0000000000001886 (6278)
          task_id : 0x00000000 (0)
          vnn : 0xffffffff (4294967295)
          unique_id : 0x0000000000000000 (0)
        buf : DATA_BLOB length=10
[0000] 55 53 45 52 20 72 6F 6F 74 00 USER roo t.
messaging_tdb_store:
  array: struct messaging_array
    num_messages : 0x00000001 (1)
    messages: ARRAY(1)
      messages: struct messaging_rec
        msg_version : 0x00000002 (2)
        msg_type : ID_CACHE_DELETE (15)
        dest: struct server_id
          pid : 0x0000000000001643 (5699)
          task_id : 0x00000000 (0)
          vnn : 0xffffffff (4294967295)
          unique_id : 0x2bfc0d5878a1bb00 (3169422911394134784)
        src: struct server_id
          pid : 0x0000000000001886 (6278)
          task_id : 0x00000000 (0)
          vnn : 0xffffffff (4294967295)
          unique_id : 0x0000000000000000 (0)
        buf : DATA_BLOB length=10
[0000] 55 53 45 52 20 72 6F 6F 74 00 USER roo t.
Deleted user root.
samba # grep ^root /etc/passwd
root:x:0:0:root:/root:/bin/bash
samba # pdbedit -Lw root
Username not found!

Thanks a lot!
The only issue with this is that moving the check from pdb_delete_user() to pdb_default_delete_user() means that backends that don't have this check (the LDAP backend and the Novell directory backend) need it adding to avoid changing behavior. I'll add a secondary patch that restores it for these backends. Jeremy.
Can your patch go into 4.1.x? It fixes the error for us.
Trouble is it changes the semantics on the LDAP backend, so I need to fix that up first. Jeremy.
*** Bug 9981 has been marked as a duplicate of this bug. ***
Jeremy, it looks like this "delete root" issue is still open, right?