[Samba] Accessing member server prompts for credentials
Toby Bluhm
tkb at midwestinstruments.com
Thu Jun 19 13:35:32 GMT 2008
Leon Stringer wrote:
> And when I do wbinfo -t I get:
>
> the trust secret via RPC calls succeeded
>
> but only for the first five minutes after starting winbindd. After
> five minutes I get:
>
> checking the trust secret via RPC calls failed
> error code was (0x0)
> Could not check secret
>
>
My setup was over 2 years ago on RHEL4 at my previous job and I had the
problem of winbind dieing every so often so I did a hack and setup a
cronjob to check every 10 minutes & restart it if needed.
> wbinfo -u does not work at any point.
>
> log.winbindd-idmap says:
>
> [2008/06/19 10:46:56, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(182)
> async_request_timeout_handler: child pid 21612 is not responding. Closing connection to it.
> [2008/06/19 10:46:56, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
> Could not receive trustdoms
>
> Any more advice gratefully received.
>
>
My experience was that winbind worked or it didn't. Never got the half
working results you have.
Here is the smb.conf I used. It was probably samba version ~ 3.0.10. I
do remember that once I set 'ldap ssl = no' and 'allow trusted domains =
no' it all started working for me. Also, when I was changing settings
around, the tdb files would keep old info and mess things up for me.
Since it was not in production yet, what I did was:
stop samba
rm /var/cache/samba/*.tdb
rm /etc/samba/secrets.tdb
Rejoin the domain
start samba
Just a warning - what worked for me back then may not be correct with
today's version. 'testparm -v' will show you all smb.conf options and
your current settings.
[global]
workgroup = DOMAIN
realm = DOMAIN.EXAMPLE.COM
server string = Samba Server Main
security = ads
log level = 0 vfs:2
log file = /var/log/samba/ALL.log
max log size = 500
socket options = TCP_NODELAY
load printers = No
preferred master = No
domain master = No
dns proxy = No
wins server = 192.168.100.100
netbios name = MAIN
netbios aliases = PENGUIN
ldap ssl = no
idmap uid = 10000-3000000
idmap gid = 10000-3000000
template homedir = /users/%U
template shell = /bin/bash
winbind enum users = No
winbind enum groups = No
idmap backend = idmap_rid:DOMAIN=100000-3000000
allow trusted domains = no
username map = /etc/samba/smbusers
name resolve order = wins bcast
cups options = raw
disable spoolss = Yes
show add printer wizard = No
os level = 1
winbind use default domain = yes
host msdfs = Yes
admin users = DOMAIN\admin20 admin20
--
Toby Bluhm
Alltech Medical Systems America, Inc.
30825 Aurora Road Suite 100
Solon Ohio 44139
440-424-2240 ext203
More information about the samba
mailing list