How to verify the domain secret is good or bad?

Scott Prive scottprive at earthlink.net
Tue Mar 11 22:20:10 GMT 2003


----- Original Message -----
From: "Chere Zhou" <qzhou at isilon.com>
To: "Scott Prive" <scottprive at earthlink.net>; <samba at lists.samba.org>;
<samba-technical at lists.samba.org>
Sent: Tuesday, March 11, 2003 4:49 PM
Subject: Re: How to verify the domain secret is good or bad?


> On Tuesday 11 March 2003 01:23 pm, Scott Prive wrote:
> > ----- Original Message -----
> > From: "Chere Zhou" <qzhou at isilon.com>
> > To: <samba at lists.samba.org>; <samba-technical at lists.samba.org>
> > Sent: Tuesday, March 11, 2003 3:40 PM
> > Subject: How to verify the domain secret is good or bad?
> >
> > > I know there is the command "wbinfo -t".  But when it says that "could
> > > not check secret", how do I know if the secret is bad, or something
> > > else wrong, like winbind went crazy maybe?
> > >
> > > Also, sometimes I saw problems like "wbinfo -t" just says "secret is
> > > bad", when all the daemons were running.  It sure was good at some
> > > point before.
> > >
> > > So my question is, under what conditions can the secret go bad?  How
> > > do I check it?
> >
> > The pdc-secret thing is something I don't completely understand, but I
> > *do* know that secret-testing is done loosely over the network. A bad
> > secret does not mean conclusively that the secret is bad... it means that
> > the test was not successful. So you can get "secret is bad" if for example
> > the network is congested, etc. and the compare did not occur in time.
> >
> > Sometimes I've joined a domain and still got this error. If I wait 60
> > seconds and re-run wbinfo -t, I get a 'secret is good'.
> >
> > Also, I believe the secret can go bad if you change hostname or some
> > other info. I'm not entirely sure what all the possible failures are.
> >
> > -Scott
>
> So, if I do not do anything like change hostname, ip or anything like
> that, my secret should potentially always be good?  That's good to know.

I'm not sure about a lot of things, so don't make any bets on my advice OK? :-)

"always"? For the short term, I believe that is true... a working secret
stays valid so long as you don't "change things". I do not know exactly
what all the possible triggers are for invalidating your secret.

Secrets may have an expiration date (so you can't say 'always'), but if
there is a use-by date, I do not know what it is. Someone else might.

-Scott
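
An added example, not part of the thread: one way to tell "winbindd is not answering" apart from "the secret check failed", and to retry before treating a failure as real, following the 60-second wait described above. It assumes wbinfo exits non-zero when a check fails and that your wbinfo supports -p (ping winbindd); WBINFO, TRIES and DELAY are names introduced here.

```shell
#!/bin/sh
# Added sketch, not Samba's own tooling. Assumptions: wbinfo exits non-zero
# when a check fails, and "wbinfo -p" (ping winbindd) exists in your build.
# WBINFO, TRIES and DELAY are hypothetical knobs introduced for this example.

WBINFO="${WBINFO:-wbinfo}"   # command to run; overridable for testing
TRIES="${TRIES:-3}"          # attempts before calling the failure persistent
DELAY="${DELAY:-60}"         # seconds between attempts (the wait from the thread)

# Return codes:
#   0  secret verified (possibly only after a retry)
#   1  winbindd answered, but every secret check failed
#   2  winbindd did not answer; this says nothing about the secret itself
check_trust_secret() {
    attempt=1
    daemon_down=0
    while [ "$attempt" -le "$TRIES" ]; do
        # Step 1: is the daemon reachable at all?
        if "$WBINFO" -p >/dev/null 2>&1; then
            daemon_down=0
            # Step 2: ask winbindd to verify the machine account secret.
            if "$WBINFO" -t >/dev/null 2>&1; then
                echo "attempt $attempt: secret check succeeded" >&2
                return 0
            fi
            echo "attempt $attempt: secret check failed" >&2
        else
            daemon_down=1
            echo "attempt $attempt: winbindd not responding" >&2
        fi
        attempt=$((attempt + 1))
        # Wait before the next try; one failed test is not conclusive.
        if [ "$attempt" -le "$TRIES" ]; then
            sleep "$DELAY"
        fi
    done
    if [ "$daemon_down" -eq 1 ]; then
        return 2
    fi
    return 1
}
```

Source the file and call `check_trust_secret`; a return of 1 after all retries is the case worth investigating as a real trust problem.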






More information about the samba-technical mailing list