"Konkol, Josh" wrote: > > I have two suggestions: > > 1. I would change your winbind separator. I think it's confusing if you > use the default '\'. To do this add a line to your winbind segment that > says: > > winbind separator = + > > 2. In my experience with "Secret is Bad", I had a 90% fix rate when I did > the following > > Deleted all files under %sambaroot%\private
BAD IDEA. The data in this directory is intended to be persistant - and deleting it will regenerate the computer SID. This can have unintended consequences. > Re-created the samba machine account using: > %sambaroot%\bin\smbpasswd -a -m MACHINENAME$ Not required - the 'machinename$' account exists on the PDC ONLY. You only even 'see' this on a Samba PDC - on win2k that account appears in 'server manager' as the domain member. > Delete the computer account in the domain using Server Manager > Re-joined the domain using: %sambaroot%\bin\smbpasswd -j DOMAINNAME > -r PDCNAME > Then check the secret again. It is better to simply rejoin the domain from the unix command line: smbpasswd -j DOMAIN -r PDC -Uadministrator As this avoids a nasty race condition: 'Adding' a machine to a domain actually sets a well-known password on the account - a password that the machine then 'knows' (its based on the workstation/server name) and changes during the 'join'. Sombody else could change it first - which would not be 'a good thing'. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
