SAMBA - set smbpasswd for root 0 Errors

[GCMartin]

Didn't know what to make of this. Thought I'd ask for help in understanding what these means. Seems like there is something that Knoppix needs or is there something I (user) need to do.

Would anyone care to take a shot and explain this?

Code:

root@Microknoppix:/home/knoppix# smbpasswd
New SMB password:
Retype new SMB password:
tdbsam_open: Converting version 0.0 database to version 4.0.
tdbsam_convert_backup: updated /var/lib/samba/passdb.tdb file.
Failed to find entry for user root.
root@Microknoppix:/home/knoppix# smbpasswd -a root
New SMB password:
Retype new SMB password:
account_policy_get: tdb_fetch_uint32 failed for type 1 (min password length), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 2 (password history), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 3 (user must logon to change password), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 4 (maximum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 5 (minimum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 6 (lockout duration), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 7 (reset count minutes), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 8 (bad lockout attempt), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 9 (disconnect time), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 10 (refuse machine password change), returning 0
Added user root.

Thanks in advance for your help.

P.S. Should this be reported to Knoppix. If so how and where eg bugreport?

[GCMartin]

Anyone know what this means? Is this normal?

[dinosoep]

Problem
When using the smbpasswd command the first time you add a Samba user to a new CIFS Server installation, the command may respond with a misleading message. See the following example:

./smbpasswd -a user1

New SMB password:

Retype new SMB password:

The misleading messages are displayed as follows:


startsmbfilepwent_internal: file /var/opt/samba/private/smbpasswd did not exist.
File successfully created.
account_policy_get: tdb_fetch_uint32 failed for field 1
(min password length), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 2
(password history), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 3
(user must logon to change password), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 4
(maximum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 5
(minimum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 6
(lockout duration), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 7
(reset count minutes), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 8
(bad lockout attempt), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 9
(disconnect time), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 10
(refuse machine password change), returning 0
Added user user1

The user will be added correctly and the misleading messages will only be displayed with the first occurrence of adding a new Samba user.

Workaround
Verify that the user has been added correctly and ignore the misleading messages.

I got that from here: http://docs.hp.com/en/B8725-90104/ar01s06.html

seeems like no big deal

[Forester]

Hello,

Looks like the messages don't mean much.

What is your usage scenario here ? Why are you even using smbpasswd let alone trying to set a password for root ?

I don't use this on my little samba set up. When I connect a samba share I'm asked for a user name and password and I just enter the ones I would enter if I were logging into the machine. This uses PAM authentication and should work under Knoppix 'out of the box'. At work I'd expect LDAP to be used. Knoppix has LDAP but I'd expect I'd need to configure the name or IP address of the LDAP server and might have to speak to IT support.

I vaguely remember using smbpasswd back in the days of W98 but that was to establish a correspondence between Windows user ids (with spaces in them ) and Linux user ids. It may have got around the need to 'logon' but that was never the intention.

If you're trying to add samba password because Knoppix has no Linux passwords, I'd suggest you set a Linux password. If you're trying to avoid entering a password at all, I'd suggest you don't.

Ask your IT people but I suspect they would not approve a remote root access (with or without password). It may not make any real difference with Knoppix but it might be seen as setting a bad precedent others may then use to justify doing things that really aren't secure.

@ dinosoep

Way to go ! Take someone else's learning opportunity and make it your own You win, they, well let's hope they at least break even.

[GCMartin]

@dinosoep. Thanks ever so much for your help.
The message was a little disconcerting even though the command worked.

@Forester.
I noticed you mentioning no need for usernames and password for Knoppix resources that you share with your LAN. Would you show us your [global] and your [share] sections of your smb.conf so that I can see how you are set up where your users can access your Knoppix resource without the need to authenticate. I have a need for my XP/Vista/7/Ubuntu clients to access the resource that would be shared by my Knoppix for LAN use.

Thanks in advance

[Forester]

I noticed you mentioning no need for usernames and password for Knoppix resources that you share with your LAN. Would you show us your [global] and your [share] sections of your smb.conf so that I can see how you are set up where your users can access your Knoppix resource without the need to authenticate. I have a need for my XP/Vista/7/Ubuntu clients to access the resource that would be shared by my Knoppix for LAN use.
Thanks in advance

Hello again.

We're are at slight cross-purposes. I don't have a samba server under Knoppix at the moment so no resources are shared with the LAN.

I tend to use authentication. On my home network I'm in control. I don't have enough machines to be bothered with NIS or LDAP or whatever. I have a limited number of user ids and each has the same password on each machine and the passwords don't expire. That's my cheap and cheerful 'network password' system. Inside an organisation, one expects the same user id and password to work on all machines (to which one has access). It is irritating for an individual to have one user id for Windows and another for Linux. It is annoying when the user ids are the same but the passwords are not synchronised. I'm sure you know what I mean. If, by using smbpasswd, you introduce a third password ... well, I'm trying to suggest you might find that a bad idea in the long run.

Knoppix doesn't have passwords. You don't log on. There are two user ids - knoppix and root. Many people (myself included) set passwords but it doesn't make Knoppix one little bit more secure. The reason I do this is so that things like ssh (and I expect samba) that expect authentication will be able to ask for a password and I will be able to give them one. I hope for fewer problems that way. In my earlier post I was speculating that you were having trouble using a samba share on a Knoppix server because there is no Linux password for the root or knoppix accounts. I was trying to suggest that you set a Linux password rather than a samba password if this gives you trouble.

Once authentication is there, I might then use measures to avoid the need to enter user id and password but never by removing the password. So for ssh I use public / private keys. You can tell KDE what user id and password to use for samba. I simply told KDE to use what happens to be the Linux user id and password and I can browse and access the samba network without problems. But this is samba client, not samba server.

In organisations, the authentication to access Windows shares is hidden from the user (it's probably more secure that way) as long as its Windows to Windows. I've always had to enter a user id and password from Linux to Windows (and I've never tried Windows to Linux). I've seen people cheat, leaving passwords in plain sight, but I don't do that as a matter of discipline.

I have, in the past, set up auto mounting of samba shares and that supplied user id and password automatically from a file accessible only to root. I wouldn't do that under Knoppix - Knoppix isn't secure enough.

It might be that you can use smbpasswd to supply authentication credentials for you. I guess so but I don't know. At least it is worth your while looking into.

You'll find several threads all basically asking how you get Knoppix to insist on a password. I haven't seen an answer yet and I suspect the easy answer is install Debian instead. Without passwords you have no security. Even with a password, you could end up with dozens of individuals accessing network resources all claiming to be knoppix. If I were responsible for IT security I would be very unhappy about that.

Yes, I use Knoppix at work but in a virtual machine and all network access is via NAT so it looks like it's me (the Windows user) that is accessing corporate resources. I would not boot Knoppix directly onto the corporate network.

I might have a go at running a samba server on Knoppix at home to see what happens over the next few days but I'm spending too much time on Knoppix as it is, so no promises.