Please help with winbind setup
kevin at mpcf.com
Thu Nov 8 11:25:02 GMT 2001
Aha, the man pages contain the wisdom. The "secret" is
created when the machine is added to the domain.
I see what you are saying in regards to the samba
server does not seem to be joined to the domain (even
though it shows up as a domain member in MS Server
Manager and getent works fine). Do you think i should
remove the machine from the domain using server manager
and try re-adding it?
> wbinfo -t states that:
> "Secret is bad
> What does this mean? What is the secret used for? And
> of course, how do i make it good :)
> Thanks a million,
> David Brodbeck wrote:
> > I'm sorry, that's right...no matter what the "domain seperator" is set to in
> > winbind's configuration, you always use \ under Windows. I forgot about
> > that. The + seperator only applies on the UNIX side.
> > It looks to me like the Samba machine is not properly joined to the
> > MPCFDOMAIN domain. What I can't figure out is that if that's true, it seems
> > to me that 'getent passwd' shouldn't work either (or rather, should return
> > only local users.) Maybe someone on the list has an idea.
> > Does 'wbinfo -t' return 'Secret is good'?
> > -----Original Message-----
> > From: Kevin [mailto:kevin at mpcf.com]
> > Sent: Friday, November 16, 2001 1:46 PM
> > To: David Brodbeck
> > Cc: samba at lists.samba.org
> > Subject: Re: Please help with winbind setup
> > I have tried specifying the login name as
> > TESTDOM+larry, and it still does not work. WinXP will
> > not even let you try it with a "+" as a separator. It
> > just keeps saying the correct syntax is "TESTDOM\larry"
> > (what a PITA). I've tried it from WIn2K and NT 4.0
> > boxes too with no success. When i type in just
> > administrator or TESTDOM\administrator, it thinks for a
> > moment then spits the username:password prompt back at
> > me with no extra messages. When i try with
> > TESTDOM+administrator from a Win2K, WinNT or WinXP box
> > all three say that the specified username is invalid.
> > I checked the log.ntserver (my PDC and test client for
> > now) since i bumped up the log level one notch and now
> > i am getting some error messages. I have attached the
> > log file to this message. It says something to the
> > effect that it could not fetch trust account password
> > for the MPCFDOMAIN (my real domain name). The it
> > appears to try the more traditional authentication
> > methods.
> > Thanks for the help,
> > VeKTeReX
> > David Brodbeck wrote:
> > >
> > > Hmm...that's interesting. Are you seeing any error messages at all when
> > you
> > > attempt to log in? You should be able to get something, though it may
> > take
> > > increasing the logging level a bit to see it. Also, if you have seperate
> > > logs for each machine, it may be turning up there instead of in the main
> > > logfile.
> > >
> > > Have you tried manually specifying the domain? You shouldn't have to, if
> > > both machines are joined to the same domain, but you might want to try it
> > > just to be sure. For example, if your domain seperator is +, try
> > > "DOMAIN+joe" at the username prompt instead of just "joe".
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba