In preparation to moving to new hardware with new boot media, I backed up the configuration of a working system and selected the option to save the passwords/secrets. After I restored the configuration on the new hardware, SMB would not start and the following was recorded in samba4/log.smbd
smbd version 4.10.13 started. Copyright Andrew Tridgell and the Samba Team 1992-2019 [2020/06/24 09:35:15.164639, 1] ../../source3/profile/profile_dummy.c:30(set_profile_level) INFO: Profiling support unavailable in this build. [2020/06/24 09:35:15.166769, 0] ../../source3/passdb/secrets.c:364(fetch_ldap_pw) fetch_ldap_pw: neither ldap secret retrieved! [2020/06/24 09:35:15.166847, 0] ../../source3/passdb/pdb_ldap.c:6579(pdb_init_ldapsam_common) pdb_init_ldapsam_common: Failed to retrieve LDAP password from secrets.tdb [2020/06/24 09:35:15.166905, 0] ../../source3/passdb/pdb_interface.c:180(make_pdb_method_name) pdb backend ldapsam:"ldap://xxx.xxx.xxx:389" did not correctly init (error was NT_STATUS_NO_MEMORY)
The SMB service was working correctly on the original hardware. Entering the password in the web interface via "Directory Services/LDAP" did not resolve the problem. There did not appear to be any other way to set the password via the web interface. I was able to fix the problem in the shell via the command:
smbpasswd -w bind_pw
It appears that the configuration backup/restore does not save and/or restore the LDAP bind password in secrets.tdb.