Bug 14657 - Use of machine account creds leads to "ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory" error messages
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools
Version: 4.14.0rc4
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
 
Reported: 2021-03-09 11:57 UTC by Björn Baumbach
Modified: 2021-07-06 09:47 UTC

Description Björn Baumbach 2021-03-09 11:57:59 UTC
Different commands print ldb error messages when using the machine's own account credentials. We should avoid this.

Example:

root@dm3:~# smbclient -L 127.0.0.1 -P
ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory

        Sharename       Type      Comment
        ---------       ----      -------
        share           Disk


smbclient uses log level 1 by default, which is used here for these error messages. So this is printed unless smbclient is called with "-d0".

With a log level of 1, other tools also print these error messages:

# samba-gpupdate -d1
ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory

Older Samba versions auto-created a /var/lib/samba/private/secrets.ldb on access, so this only happens on newer setups, where no secrets.ldb exists.
Comment 1 Christian Naumer 2021-07-06 07:11:08 UTC
I have the same problem with a new installation on 4.14.5.

Normal member server that acts as a print server. In the logs I see this:

[2021/07/06 08:39:36.246452,  1] ../../lib/ldb samba/ldb_wrap.c:79(ldb_wrap_debug)
Jul 06 08:39:36 printserver winbindd[1530]:   ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory


In the directory there is only a "secrets.tdb" not ldb.

I have older installations that were updated to 4.14 and do not see this there.
Comment 2 Andrew Bartlett 2021-07-06 09:47:11 UTC
This was done intentionally (not the error, but the behaviour) by:

commit 6cbd7d1a32cc7ccfb8d06eacdcade41d96b54519
Author: Stefan Metzmacher <metze@samba.org>
Date:   Tue Feb 4 16:16:48 2020 +0100

    s4:param: make sure secrets_db_connect() no longer creates on empty secrets.ldb
    
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andreas Schneider <asn@samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
    Autobuild-Date(master): Wed Feb  5 10:13:02 UTC 2020 on sn-devel-184

The new behaviour prints the error but doesn't create empty secrets.ldb files any more.

Sorry about that.
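
Added example, not part of the bug thread and not Samba code: a shell triage that treats the secrets.ldb message as expected noise only when the private directory holds secrets.tdb but no secrets.ldb (the state reported in comment 1), and flags every other ldb open failure for review. The function names are hypothetical, treating the message as harmless in that state is an assumption drawn from the thread, and the "Permission denied" log line is constructed.

```shell
#!/bin/sh
# Added example, not Samba code. Function names are hypothetical.

# Classify one log line:
#   expected - the secrets.ldb "No such file or directory" message from this bug
#   review   - any other ldb open/connect failure (other file or other error)
#   other    - not an ldb open/connect failure
classify_ldb_line() {
    case "$1" in
        *"ldb: "*"/secrets.ldb'"*"No such file or directory"*) echo expected ;;
        *"ldb: Unable to open"*|*"ldb: Failed to connect"*) echo review ;;
        *) echo other ;;
    esac
}

# Report which secrets files exist in a Samba private directory.
private_dir_state() {
    if [ -e "$1/secrets.ldb" ]; then echo has-ldb
    elif [ -e "$1/secrets.tdb" ]; then echo tdb-only
    else echo no-secrets
    fi
}

# Read log lines on stdin. Drop the expected message only when the directory
# really is in the tdb-only state; print every other ldb failure for review.
triage_log() {
    state=$(private_dir_state "$1")
    suppressed=0
    while IFS= read -r line; do
        kind=$(classify_ldb_line "$line")
        if [ "$kind" = expected ] && [ "$state" = tdb-only ]; then
            suppressed=$((suppressed + 1))
        elif [ "$kind" != other ]; then
            printf 'REVIEW: %s\n' "$line"
        fi
    done
    printf 'suppressed=%d state=%s\n' "$suppressed" "$state"
}

# Demo: a temporary directory stands in for the private dir; the third log
# line is constructed to show a failure that must not be filtered.
demo_dir=$(mktemp -d)
: > "$demo_dir/secrets.tdb"
triage_log "$demo_dir" <<'EOF'
ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': Permission denied
EOF
rm -rf "$demo_dir"
```

If secrets.ldb does exist, a "No such file or directory" message for it is no longer the case described in this bug, so the script prints it for review instead of dropping it.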