Different commands print ldb error messages when using the own machine account credentials. We should avoid this. Example: root@dm3:~# smbclient -L 127.0.0.1 -P ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory Sharename Type Comment --------- ---- ------- share Disk smbclient uses by default the log level 1, which is used here for these error messages. So this is printed unless smbclient is called with "-d0". With a log level of 1 also other tools print these error messages: # samba-gpupdate -d1 ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory Older Samba versions auto created a /var/lib/samba/private/secrets.ldb on access, so this does only happen on newer setups, where no secrets.ldb exists.
I have the same Problem with a new installation on 4.14.5. Normal member server tht acts as printserver. In the logs I see this: [2021/07/06 08:39:36.246452, 1] ../../lib/ldb samba/ldb_wrap.c:79(ldb_wrap_debug) Jul 06 08:39:36 printserver winbindd[1530]: ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory In the directory there is only a "secrets.tdb" not ldb. I have older installations that where updated to 4.14 and do not see this there.
This was done intentionally (not the error, but the behaviour) by: commit 6cbd7d1a32cc7ccfb8d06eacdcade41d96b54519 Author: Stefan Metzmacher <metze@samba.org> Date: Tue Feb 4 16:16:48 2020 +0100 s4:param: make sure secrets_db_connect() no longer creates on empty secrets.ldb Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Feb 5 10:13:02 UTC 2020 on sn-devel-184 The new behaviour prints the error but doesn't create empty secrets.ldb files any more. Sorry about that.