[Samba] wbinfo check secret fails

Gallagher, Michael K. (IT) Michael.Gallagher at pseg.com
Sat Jul 25 14:07:09 MDT 2009

I set up 4 Sun X4540 servers running Solaris 10 and Samba v3.0.33.  A
couple weeks back, one of the 4 stopped authenticating Windows AD
requests.  I've tried removed it an adding it back to the domain, but
still no luck.  The global config on the 4 servers is the same, only the
shares are different.  When I first installed Samba on this server (and
everything was working), I didn't have to configure krb5.conf (nor have
I configured it on the other 3 servers).  Now I had to configure it, and
can successfully add it back to the domain.  The net ads status, net ads
testjoin, net rpc testjoin, and net rpc info all return correct info.
	bash-3.00# net ads status
	SSMKG's password: 
	objectClass: top
	objectClass: person
	objectClass: organizationalPerson
	objectClass: user
	objectClass: computer
	cn: sun234
	distinguishedName: CN=sun234,OU=APS Servers,OU=Member
	instanceType: 4
	whenCreated: 20090725130337.0Z
	whenChanged: 20090725140318.0Z
	uSNCreated: 38669648
	uSNChanged: 38670121
	name: sun234
	objectGUID: 69d15994-6242-459c-b8fb-3ef435872ae1
	userAccountControl: 69632
	badPwdCount: 1
	codePage: 0
	countryCode: 0
	badPasswordTime: 128930252664255001
	lastLogoff: 0
	lastLogon: 128930250812259310
	localPolicyFlags: 0
	pwdLastSet: 128930006201336513
	primaryGroupID: 515
	objectSid: S-1-5-21-1876172974-742851678-1849977318-107306
	accountExpires: 9223372036854775807
	logonCount: 0
	sAMAccountName: sun234$
	sAMAccountType: 805306369
	dNSHostName: sun234.pseg.com
	servicePrincipalName: HOST/sun234.pseg.com
	servicePrincipalName: HOST/SUN234
	isCriticalSystemObject: FALSE
	dSCorePropagationData: 20090725140318.0Z
	dSCorePropagationData: 20090725140318.0Z
	dSCorePropagationData: 20090725140318.0Z
	dSCorePropagationData: 16010108151513.0Z
	lastLogonTimestamp: 128930006201961501

	bash-3.00# net ads testjoin
	Join is OK

	bash-3.00# net rpc testjoin
	Join to 'ENTERPRISE' is OK

	bash-3.00# net rpc info
	Domain Name: ENTERPRISE
	Domain SID: S-1-5-21-1876172974-742851678-1849977318
	Sequence number: 1
	Num users: 17819
	Num domain groups: 8853
	Num local groups: 827

  But some of the wbinfo commands don't work.  In particular, when I run
wbinfo -t, I get the following error:
	bash-3.00# wbinfo -t
	checking the trust secret via RPC calls failed
	error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
	Could not check secret

How can I recover from this error?  If I removed from domain, delete the
secrets.tbd file, and add back to domain will that resolve the issue?  I
tried searching samba.org for help, but it appears the search engine is
currently unavailable.

Michael K. Gallagher
Lead Senior Consultant
PSEG Services Corporation - IT
80 Park Plaza, T15
Newark, NJ  07102
973-430-5129 (fax)
michael.gallagher at pseg.com

The information contained in this e-mail, including any
attachment(s), is intended solely for use by the named
addressee(s).  If you are not the intended recipient, or a person
designated as responsible for delivering such messages to the
intended recipient, you are not authorized to disclose, copy,
distribute or retain this message, in whole or in part, without
written authorization from PSEG.  This e-mail may contain
proprietary, confidential or privileged information. If you have
received this message in error, please notify the sender
immediately. This notice is included in all e-mail messages leaving
PSEG.  Thank you for your cooperation.

More information about the samba mailing list