[Samba] Accessing member server prompts for credentials
Leon Stringer
leon.stringer at ntlworld.com
Thu Jun 19 10:08:34 GMT 2008
> From: Toby Bluhm <tkb at midwestinstruments.com>
> Date: 2008/06/18 Wed PM 03:35:58 GMT
> To: samba at lists.samba.org
> Subject: Re: [Samba] Accessing member server prompts for credentials
>
> Leon Stringer wrote:
> > I'm still struggling with this if anyone can help.
> >
> >> I'm trying to join a server as an AD member but it isn't working.
> >>
> >> I do:
> >>
> >> kinit ADMINISTRATOR at DOMAIN1.CO.UK
> >>
> >> which prompts for the password and displays nothing else. Then I do:
> >>
> >> net ads join -U Administrator%XXXXX
> >>
> >> which returns:
> >>
> >> Using short domain name -- DOMAIN1
> >> Joined 'SERVER1' to realm 'DOMAIN1.CO.UK'
> >>
> >> So all looks OK, but when I try to browse the shares on \\server1
> >> from another domain member I'm prompted for a username and password. Any valid domain credentials are rejected.
>
> Actually, it all looks good so far, but you need a little more setup so
> samba can authenticate accounts against AD.
>
> Do you have winbindd running?
> What does 'wbinfo -t' tell you?
> Do you have the winbind sections in smb.conf configured correctly?
> Can you get a list of AD accounts with 'wbinfo -u'?
> Did you configure nsswitch.conf correctly?
> If 'id "DOMAIN\user"' returns useful info about the user, your machine
> is authenticating with AD correctly.
> Also, ntpd needs to sync the time very closely with the domain. 'date ;
> net time -w DOMAIN' should show times that are within seconds of each other.
>
>
> Go back to the Samba HOWTO and review Ch. 24 and 29. Any text in the
> HOWTO that mentions NT4 or PDC or BDC configuration is not for your
> situation.
>
> Did you see my comments about winbind at the bottom of that message?
Toby: thanks for prompting me, I had missed those comments. I've configured nsswitch.conf hopefully correctly.
And when I do wbinfo -t I get:
the trust secret via RPC calls succeeded
but only for the first five minutes after starting winbindd. After
five minutes I get:
checking the trust secret via RPC calls failed
error code was (0x0)
Could not check secret
wbinfo -u does not work at any point.
log.winbindd-idmap says:
[2008/06/19 10:46:56, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(182)
async_request_timeout_handler: child pid 21612 is not responding. Closing connection to it.
[2008/06/19 10:46:56, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
Could not receive trustdoms
Any more advice gratefully received.
-----------------------------------------
Email sent from www.virginmedia.com/email
Virus-checked using McAfee(R) Software and scanned for spam
More information about the samba
mailing list