Please help with winbind setup

David Brodbeck DavidB at
Thu Nov 8 11:28:02 GMT 2001

That means you aren't properly joined to the domain.  Try removing the Samba
server's account on the PDC (with NT's server manager), re-creating it, then
joining again. (See the -j option in the smbpasswd manpage.)  Make sure that
smbd and nmbd are *not* running when you do this, or it won't work.

-----Original Message-----
From: Kevin [mailto:kevin at]
Sent: Friday, November 16, 2001 2:12 PM
To: David Brodbeck
Cc: samba at
Subject: Re: Please help with winbind setup

wbinfo -t states that:
"Secret is bad

What does this mean?  What is the secret used for?  And
of course, how do i make it good :)

Thanks a million,

David Brodbeck wrote:
> I'm sorry, that's matter what the "domain seperator" is set to
> winbind's configuration, you always use \ under Windows.  I forgot about
> that.  The + seperator only applies on the UNIX side.
> It looks to me like the Samba machine is not properly joined to the
> MPCFDOMAIN domain.  What I can't figure out is that if that's true, it
> to me that 'getent passwd' shouldn't work either (or rather, should return
> only local users.)  Maybe someone on the list has an idea.
> Does 'wbinfo -t' return 'Secret is good'?
> -----Original Message-----
> From: Kevin [mailto:kevin at]
> Sent: Friday, November 16, 2001 1:46 PM
> To: David Brodbeck
> Cc: samba at
> Subject: Re: Please help with winbind setup
> I have tried specifying the login name as
> TESTDOM+larry, and it still does not work.  WinXP will
> not even let you try it with a "+" as a separator.  It
> just keeps saying the correct syntax is "TESTDOM\larry"
> (what a PITA).  I've tried it from WIn2K and NT 4.0
> boxes too with no success.  When i type in just
> administrator or TESTDOM\administrator, it thinks for a
> moment then spits the username:password prompt back at
> me with no extra messages.  When i try with
> TESTDOM+administrator from a Win2K, WinNT or WinXP box
> all three say that the specified username is invalid.
> I checked the log.ntserver (my PDC and test client for
> now) since i bumped up the log level one notch and now
> i am getting some error messages.  I have attached the
> log file to this message.  It says something to the
> effect that it could not fetch trust account password
> for the MPCFDOMAIN (my real domain name).  The it
> appears to try the more traditional authentication
> methods.
> Thanks for the help,
> VeKTeReX
> David Brodbeck wrote:
> >
> > Hmm...that's interesting.  Are you seeing any error messages at all when
> you
> > attempt to log in?  You should be able to get something, though it may
> take
> > increasing the logging level a bit to see it.  Also, if you have
> > logs for each machine, it may be turning up there instead of in the main
> > logfile.
> >
> > Have you tried manually specifying the domain?  You shouldn't have to,
> > both machines are joined to the same domain, but you might want to try
> > just to be sure.  For example, if your domain seperator is +, try
> > "DOMAIN+joe" at the username prompt instead of just "joe".

More information about the samba mailing list