[Samba] Accessing member server prompts for credentials

Toby Bluhm tkb at midwestinstruments.com
Thu Jun 19 13:35:32 GMT 2008

Leon Stringer wrote:

> And when I do wbinfo -t I get:
>   the trust secret via RPC calls succeeded
> but only for the first five minutes after starting winbindd. After 
> five minutes I get:
>   checking the trust secret via RPC calls failed
>   error code was  (0x0)
>   Could not check secret

My setup was over 2 years ago on RHEL4 at my previous job and I had the 
problem of winbind dieing every so often so I did a hack and setup a 
cronjob to check every 10 minutes & restart it if needed.

> wbinfo -u does not work at any point.
> log.winbindd-idmap says:
> [2008/06/19 10:46:56, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(182)
>   async_request_timeout_handler: child pid 21612 is not responding. Closing connection to it.
> [2008/06/19 10:46:56, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
>   Could not receive trustdoms
> Any more advice gratefully received.

My experience was that winbind worked or it didn't. Never got the half 
working results you have.

Here is the smb.conf  I used. It was probably samba version ~ 3.0.10. I 
do remember that once I set 'ldap ssl = no' and 'allow trusted domains = 
no' it all started working for me. Also, when I was changing settings 
around, the tdb files would keep old info and mess things up for me. 
Since it was not in production yet, what I did was:

stop samba
rm /var/cache/samba/*.tdb
rm /etc/samba/secrets.tdb
Rejoin the domain
start samba

Just a warning - what worked for me back then may not be correct with 
today's version. 'testparm -v' will  show you all smb.conf options and 
your current settings.

        workgroup = DOMAIN
        realm = DOMAIN.EXAMPLE.COM
        server string = Samba Server Main
        security = ads
        log level = 0 vfs:2
        log file = /var/log/samba/ALL.log
        max log size = 500
        socket options = TCP_NODELAY
        load printers = No
        preferred master = No
        domain master = No
        dns proxy = No
        wins server =
        netbios name = MAIN
        netbios aliases = PENGUIN
        ldap ssl = no
        idmap uid = 10000-3000000
        idmap gid = 10000-3000000
        template homedir = /users/%U
        template shell = /bin/bash
        winbind enum users = No
        winbind enum groups = No
        idmap backend = idmap_rid:DOMAIN=100000-3000000
        allow trusted domains = no
        username map = /etc/samba/smbusers
        name resolve order = wins bcast
        cups options = raw
        disable spoolss = Yes
        show add printer wizard = No
        os level = 1
        winbind use default domain = yes
        host msdfs = Yes
        admin users = DOMAIN\admin20 admin20

Toby Bluhm
Alltech Medical Systems America, Inc.
30825 Aurora Road Suite 100
Solon Ohio 44139
440-424-2240 ext203

More information about the samba mailing list