This is Debian bug #346547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346547 The user is here reporting that the samba panic script had been triggered by running "smbpasswd -L" as a non root user (or, more precisely, when secrets.tdb can't be read) In the bug log, Andrew explained that this option is mostly meant for internal testing purposes when samba is installed as non root...which seems fairly OK. This bug report is mostly meant to suggest a nicer failure such as smbpasswd checking the readability of secrets.tdb at the argument-parsing stage. The output of "smbpasswd -L" in such case is: cperrier@bastet:~> smbpasswd -L Failed to open /var/lib/samba/secrets.tdb Failed to open /var/lib/samba/secrets.tdb Failed to open /var/lib/samba/secrets.tdb pdb_generate_sam_sid: Failed to store generated machine SID. smb_panic(): calling panic action [/usr/share/samba/panic-action 4176] smb_panic(): action returned status 0 PANIC: Could not generate a machine SID BACKTRACE: 6 stack frames: #0 smbpasswd(smb_panic2+0x7c) [0x80fa05c] #1 smbpasswd(smb_panic+0x1a) [0x80fa27a] #2 smbpasswd(get_global_sam_sid+0x2bc) [0x807d99c] #3 smbpasswd(main+0x52f) [0x807076f] #4 /lib/libc.so.6(__libc_start_main+0x9e) [0x401973be] #5 smbpasswd [0x806fdc1] Aborted
Created attachment 2967 [details] avoid get_global_sam_sid panic in client tools Here is a patch which updates the client software (pam_smbpass and smbclient) to detect non-root invocations that require get_global_sam_sid() and bypass them with an error message as appropriate, to avoid triggering an smb_panic where this is foreseeable and avoidable. This is particularly important in the case of pam_smbpass, where a smb_panic() will terminate the calling application (e.g., a screensaver). A client-specific check is preferable over changing the error handling in get_global_sam_sid() because the server can always rely on this operation being run as root and there is a lack of error handling in various callers of the function, so smb_panic() is still appropriate for the general case.
Applied for 3.0.28a and above. Jeremy