samba - Oct 2007 - Active Directory member problem

Hello

I have added a Linux member server (my laptop) to our production
Windows 2003 ADS domain (with net ads join, not net rpc join). Yet,
when I browse to it from an Xp client (member of the domain) I still
get a username/password dialog.

What works:
- wbinfo -g and wbinfo -u show usernames and passwords (without DOMAIN+ prefix)
- getent passwd works
- smbclient and logging in to the member server with a valid domain
username/pwd works

What does not work:
# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret

I can see the host in AD users and computers but something still seems
to be wrong with the machine account... how do I start to troubleshoot
this?

-- 
Frank Van Damme   A: Because it destroys the flow of the conversation
                  Q: Why is it bad?
                  A: No, it's bad.
                  Q: Should I top post in replies to mails or on usenet?

Frank Van Damme wrote:
> Hello
>
> I have added a Linux member server (my laptop) to our production
> Windows 2003 ADS domain (with net ads join, not net rpc join). Yet,
> when I browse to it from an Xp client (member of the domain) I still
> get a username/password dialog.
>
> What works:
> - wbinfo -g and wbinfo -u show usernames and passwords (without DOMAIN+
prefix)
> - getent passwd works
> - smbclient and logging in to the member server with a valid domain
> username/pwd works
>
> What does not work:
> # wbinfo -t
> checking the trust secret via RPC calls failed
> error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
> Could not check secret
>
> I can see the host in AD users and computers but something still seems
> to be wrong with the machine account... how do I start to troubleshoot
> this?
>
>   
If wbinfo -t fails, then you have not joined the domain.  This is 
usually due to wrong time.

See this: http://www.aeronetworks.ca/LinuxActiveDirectory.html
for troubleshooting tips.

Cheers,

Herman