Sarris, Chris
2002-Mar-18 15:44 UTC
[Samba] what does "Secret is bad" mean for "wbinfo -t"
Hello, I am implementing winbind with Samba-2.2.3a on a NT 4.0 network .... I joined the domain previously with "smbpasswd -j Domain -r NTPDC -U Administrator" and I was notified that I was joined to the domain. Later when I tried to query and make sure the machine account was active with "wbinfo -t" this came back: "Secret is bad 0xc00000e5" I have smbd, nmbd, and windbindd running in ps -leaf and I am able to get users and groups from the NT domain using "wbinfo -u" or "wbinfo -g" Any thoughts? thanks tons, Chris
Sarris, Chris
2002-Mar-19 07:59 UTC
[Samba] what does "Secret is bad" mean for "wbinfo -t"
Herb, thanks for the reply. I am using Red Hat 7.2 --- on set of notes says use server manager to add the computer to the Nt 4 domain and then do the "smbpasswd" with the -j and -r options. Another set of instructions (the latest from samba.org for the windbindd setup) says just do the smbpasswd command with the -j -r and -U options if you have an administrator password. From an NT perspective that should work fine... as we sometimes add a computer to the domain via Server Manager and then complete the operation or we do it at the client computer and supply an Administrator password to do both at once (add to Server Manager and add to Domain). Perphas this is not the case with the smbpasswd command? I don't know. I just assumed you could do it either way. the curious this is that I must have joined the domain because the "wbinfo -u" and "wbinfo -g" gives me a list of all the users and groups on the NT domain. So it is working.... but I just don't understand the output of "wbinfo -t" --- what should it say if everything is working fine? What is the process for *Un-joining* a domain and then re-joining a domain? What if I want to disconnect from one domain and join a different one? I am assuming that I can only join one domain at a time and then rely on trust relationships to contact other domains? Is this true - thanks for all your help, chris -----Original Message----- From: Herb Lewis [mailto:herb@sgi.com] Sent: Tuesday, March 19, 2002 8:12 AM To: Sarris, Chris Subject: Re: [Samba] what does "Secret is bad" mean for "wbinfo -t" You didn't say what OS you were running. the -U option had a problem with big-endian systems. It would say you joined the domain when in fact there was a problem. You had to create the account with server manager and then join without the -U option to smbpasswd. "Sarris, Chris" wrote:> > Hello, > I am implementing winbind with Samba-2.2.3a on a NT 4.0 network .... I > joined the domain previously with "smbpasswd -j Domain -r NTPDC -U > Administrator" and I was notified that I was joined to the domain. > > Later when I tried to query and make sure the machine account was active > with "wbinfo -t" this came back: > > "Secret is bad > 0xc00000e5" > > I have smbd, nmbd, and windbindd running in ps -leaf > and I am able to get users and groups from the NT domain using "wbinfo -u" > or "wbinfo -g" > > Any thoughts? > > thanks tons, > Chris > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba-- =====================================================================Herb Lewis Silicon Graphics Networking Engineer 1600 Amphitheatre Pkwy MS-510 Strategic Software Organization Mountain View, CA 94043-1351 herb@sgi.com Tel: 650-933-2177 http://www.sgi.com Fax: 650-932-2177 ======================================================================
Sarris, Chris
2002-Mar-19 08:03 UTC
[Samba] what does "Secret is bad" mean for "wbinfo -t"
Herb, I am also assuming that once I alter the /etc/pam.d/login script to use pam_winbind.so that I should be able to login using a format of "domain_name+user_name" is that correct? My winbind separator is the "+" and although I can get the wbinfo -u or -g options to work I have not been able to login in to a differeny tty session yet. However this could be a problem with the pam setup. (smbd, nmbd and winbindd are running and started in that order) thanks again, Chris -----Original Message----- From: Sarris, Chris Sent: Tuesday, March 19, 2002 8:55 AM To: 'Herb Lewis'; 'samba@lists.samba.org' Subject: RE: [Samba] what does "Secret is bad" mean for "wbinfo -t" Herb, thanks for the reply. I am using Red Hat 7.2 --- on set of notes says use server manager to add the computer to the Nt 4 domain and then do the "smbpasswd" with the -j and -r options. Another set of instructions (the latest from samba.org for the windbindd setup) says just do the smbpasswd command with the -j -r and -U options if you have an administrator password. From an NT perspective that should work fine... as we sometimes add a computer to the domain via Server Manager and then complete the operation or we do it at the client computer and supply an Administrator password to do both at once (add to Server Manager and add to Domain). Perphas this is not the case with the smbpasswd command? I don't know. I just assumed you could do it either way. the curious this is that I must have joined the domain because the "wbinfo -u" and "wbinfo -g" gives me a list of all the users and groups on the NT domain. So it is working.... but I just don't understand the output of "wbinfo -t" --- what should it say if everything is working fine? What is the process for *Un-joining* a domain and then re-joining a domain? What if I want to disconnect from one domain and join a different one? I am assuming that I can only join one domain at a time and then rely on trust relationships to contact other domains? Is this true - thanks for all your help, chris -----Original Message----- From: Herb Lewis [mailto:herb@sgi.com] Sent: Tuesday, March 19, 2002 8:12 AM To: Sarris, Chris Subject: Re: [Samba] what does "Secret is bad" mean for "wbinfo -t" You didn't say what OS you were running. the -U option had a problem with big-endian systems. It would say you joined the domain when in fact there was a problem. You had to create the account with server manager and then join without the -U option to smbpasswd. "Sarris, Chris" wrote:> > Hello, > I am implementing winbind with Samba-2.2.3a on a NT 4.0 network .... I > joined the domain previously with "smbpasswd -j Domain -r NTPDC -U > Administrator" and I was notified that I was joined to the domain. > > Later when I tried to query and make sure the machine account was active > with "wbinfo -t" this came back: > > "Secret is bad > 0xc00000e5" > > I have smbd, nmbd, and windbindd running in ps -leaf > and I am able to get users and groups from the NT domain using "wbinfo -u" > or "wbinfo -g" > > Any thoughts? > > thanks tons, > Chris > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba-- =====================================================================Herb Lewis Silicon Graphics Networking Engineer 1600 Amphitheatre Pkwy MS-510 Strategic Software Organization Mountain View, CA 94043-1351 herb@sgi.com Tel: 650-933-2177 http://www.sgi.com Fax: 650-932-2177 ======================================================================
Sarris, Chris
2002-Mar-19 08:15 UTC
[Samba] what does "Secret is bad" mean for "wbinfo -t"
Herb, I think this might help: I executed "smbstatus" and got this back: "tdb (null): tdb_open_ex could not open file /usr/local/samba/var/locks/brlock.tdb no such file tdb (null): tdb_open_ex could not open file /usr/local/samba/var/locks/locking.tdb no such file Error:Failed to initilize lociing database. can't initialize locking module - exiting" Does this mean anything to you? I went to /usr/local/samba/var/locks ...and these files do not exist. However there are sever other files.... messages.tdb unexpected.tdb and some other stuff. what is a "tdb" file? thanks again, Chris -----Original Message----- From: Herb Lewis [mailto:herb@sgi.com] Sent: Tuesday, March 19, 2002 9:06 AM To: Sarris, Chris Cc: 'samba@lists.samba.org' Subject: Re: [Samba] what does "Secret is bad" mean for "wbinfo -t" Do you have the domain name listed in smb.conf? Have you tried restarting winbindd after you joined the domain? The -U option should have worked on Linux to allow you to join the domain but if you didn't restart winbindd I have seen some problems. Typically all you need to do is stop samba (including winbindd), edit the smb.conf file to change the name to the new domain (and password server if not using the "*" syntax), run the smbpasswd command with -j DOMAIN -r PDC -Uadministrator%password and then restart samba and winbindd. "Sarris, Chris" wrote:> > Herb, > thanks for the reply. > I am using Red Hat 7.2 --- on set of notes says use server manager to add > the computer to the Nt 4 domain and then do the "smbpasswd" with the -jand> -r options. Another set of instructions (the latest from samba.org for the > windbindd setup) says just do the smbpasswd command with the -j -r and -U > options if you have an administrator password. From an NT perspective that > should work fine... as we sometimes add a computer to the domain viaServer> Manager and then complete the operation or we do it at the client computer > and supply an Administrator password to do both at once (add to Server > Manager and add to Domain). > > Perphas this is not the case with the smbpasswd command? I don't know. I > just assumed you could do it either way. > > the curious this is that I must have joined the domain because the "wbinfo > -u" and "wbinfo -g" gives me a list of all the users and groups on the NT > domain. So it is working.... but I just don't understand the output of > "wbinfo -t" --- what should it say if everything is working fine? > > What is the process for *Un-joining* a domain and then re-joining adomain?> What if I want to disconnect from one domain and join a different one? Iam> assuming that I can only join one domain at a time and then rely on trust > relationships to contact other domains? Is this true - > > thanks for all your help, > chris-- =====================================================================Herb Lewis Silicon Graphics Networking Engineer 1600 Amphitheatre Pkwy MS-510 Strategic Software Organization Mountain View, CA 94043-1351 herb@sgi.com Tel: 650-933-2177 http://www.sgi.com Fax: 650-932-2177 ======================================================================
Sarris, Chris
2002-Mar-19 14:52 UTC
[Samba] what does "Secret is bad" mean for "wbinfo -t"
Herb, thanks for all your help... I have winbind up and running wonderfully. I can log in with KDE and the Win2000 domain user! I am very impressed with Samba & Winbind. My boss will love this. I makes Linux a REAL client in a Win2000 Corporate enviroment! thanks tons, Chris -----Original Message----- From: Sarris, Chris [mailto:Chris_Sarris@csgsystems.com] Sent: Tuesday, March 19, 2002 9:11 AM To: 'Herb Lewis'; 'samba@lists.samba.org' Subject: RE: [Samba] what does "Secret is bad" mean for "wbinfo -t" Herb, I think this might help: I executed "smbstatus" and got this back: "tdb (null): tdb_open_ex could not open file /usr/local/samba/var/locks/brlock.tdb no such file tdb (null): tdb_open_ex could not open file /usr/local/samba/var/locks/locking.tdb no such file Error:Failed to initilize lociing database. can't initialize locking module - exiting" Does this mean anything to you? I went to /usr/local/samba/var/locks ...and these files do not exist. However there are sever other files.... messages.tdb unexpected.tdb and some other stuff. what is a "tdb" file? thanks again, Chris -----Original Message----- From: Herb Lewis [mailto:herb@sgi.com] Sent: Tuesday, March 19, 2002 9:06 AM To: Sarris, Chris Cc: 'samba@lists.samba.org' Subject: Re: [Samba] what does "Secret is bad" mean for "wbinfo -t" Do you have the domain name listed in smb.conf? Have you tried restarting winbindd after you joined the domain? The -U option should have worked on Linux to allow you to join the domain but if you didn't restart winbindd I have seen some problems. Typically all you need to do is stop samba (including winbindd), edit the smb.conf file to change the name to the new domain (and password server if not using the "*" syntax), run the smbpasswd command with -j DOMAIN -r PDC -Uadministrator%password and then restart samba and winbindd. "Sarris, Chris" wrote:> > Herb, > thanks for the reply. > I am using Red Hat 7.2 --- on set of notes says use server manager to add > the computer to the Nt 4 domain and then do the "smbpasswd" with the -jand> -r options. Another set of instructions (the latest from samba.org for the > windbindd setup) says just do the smbpasswd command with the -j -r and -U > options if you have an administrator password. From an NT perspective that > should work fine... as we sometimes add a computer to the domain viaServer> Manager and then complete the operation or we do it at the client computer > and supply an Administrator password to do both at once (add to Server > Manager and add to Domain). > > Perphas this is not the case with the smbpasswd command? I don't know. I > just assumed you could do it either way. > > the curious this is that I must have joined the domain because the "wbinfo > -u" and "wbinfo -g" gives me a list of all the users and groups on the NT > domain. So it is working.... but I just don't understand the output of > "wbinfo -t" --- what should it say if everything is working fine? > > What is the process for *Un-joining* a domain and then re-joining adomain?> What if I want to disconnect from one domain and join a different one? Iam> assuming that I can only join one domain at a time and then rely on trust > relationships to contact other domains? Is this true - > > thanks for all your help, > chris-- =====================================================================Herb Lewis Silicon Graphics Networking Engineer 1600 Amphitheatre Pkwy MS-510 Strategic Software Organization Mountain View, CA 94043-1351 herb@sgi.com Tel: 650-933-2177 http://www.sgi.com Fax: 650-932-2177 ===================================================================== -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Sarris, Chris
2002-Mar-19 15:15 UTC
[Samba] what does "Secret is bad" mean for "wbinfo -t"
Herb, thanks for all your help... I have winbind up and running wonderfully. I can log in with KDE and the Win2000 domain user! I am very impressed with Samba & Winbind. My boss will love this. I makes Linux a REAL client in a Win2000 Corporate enviroment! thanks tons, Chris