[Samba] Accessing member server prompts for credentials

Thu Jun 19 10:08:34 GMT 2008

> From: Toby Bluhm <tkb at midwestinstruments.com>
> Date: 2008/06/18 Wed PM 03:35:58 GMT
> To: samba at lists.samba.org
> Subject: Re: [Samba] Accessing member server prompts for credentials
> 
> Leon Stringer wrote:
> > I'm still struggling with this if anyone can help.
> >
> >> I'm trying to join a server as an AD member but it isn't working.
> >>
> >> I do:
> >>
> >>  kinit ADMINISTRATOR at DOMAIN1.CO.UK
> >>
> >> which prompts for the password and displays nothing else. Then I do:
> >>
> >>  net ads join -U Administrator%XXXXX
> >>
> >> which returns:
> >>
> >>  Using short domain name -- DOMAIN1
> >>  Joined 'SERVER1' to realm 'DOMAIN1.CO.UK'
> >>
> >> So all looks OK, but when I try to browse the shares on \\server1
> >> from another domain member I'm prompted for a username and password. Any valid domain credentials are rejected.
> 
> Actually, it all looks good so far, but you need a little more setup so 
> samba can authenticate accounts against AD.
> 
> Do you have winbindd running?
> What does 'wbinfo -t' tell you?
> Do you have the winbind sections in smb.conf configured correctly?
> Can you get a list of AD accounts with 'wbinfo -u'?
> Did you configure nsswitch.conf correctly?
> If 'id "DOMAIN\user"' returns useful info about the user, your machine 
> is authenticating with AD correctly.
> Also, ntpd needs to sync the time very closely with the domain. 'date ; 
> net time -w DOMAIN' should show times that are within seconds of each other.
> 
> 
> Go back to the Samba HOWTO and review Ch. 24 and 29. Any text in the 
> HOWTO that mentions NT4 or PDC or BDC configuration is not for your 
> situation.
> 
> Did you see my comments about winbind at the bottom of that message?

Toby: thanks for prompting me, I had missed those comments. I've configured nsswitch.conf hopefully correctly.

And when I do wbinfo -t I get:

  the trust secret via RPC calls succeeded

but only for the first five minutes after starting winbindd. After 
five minutes I get:

  checking the trust secret via RPC calls failed
  error code was  (0x0)
  Could not check secret

wbinfo -u does not work at any point.

log.winbindd-idmap says:

[2008/06/19 10:46:56, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(182)
  async_request_timeout_handler: child pid 21612 is not responding. Closing connection to it.
[2008/06/19 10:46:56, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
  Could not receive trustdoms

Any more advice gratefully received.

-----------------------------------------
Email sent from www.virginmedia.com/email
Virus-checked using McAfee(R) Software and scanned for spam