> From: Toby Bluhm <[EMAIL PROTECTED]> > Date: 2008/06/18 Wed PM 03:35:58 GMT > To: samba@lists.samba.org > Subject: Re: [Samba] Accessing member server prompts for credentials > > Leon Stringer wrote: > > I'm still struggling with this if anyone can help. > > > >> I'm trying to join a server as an AD member but it isn't working. > >> > >> I do: > >> > >> kinit [EMAIL PROTECTED] > >> > >> which prompts for the password and displays nothing else. Then I do: > >> > >> net ads join -U Administrator%XXXXX > >> > >> which returns: > >> > >> Using short domain name -- DOMAIN1 > >> Joined 'SERVER1' to realm 'DOMAIN1.CO.UK' > >> > >> So all looks OK, but when I try to browse the shares on \\server1 > >> from another domain member I'm prompted for a username and password. Any > >> valid domain credentials are rejected. > > Actually, it all looks good so far, but you need a little more setup so > samba can authenticate accounts against AD. > > Do you have winbindd running? > What does 'wbinfo -t' tell you? > Do you have the winbind sections in smb.conf configured correctly? > Can you get a list of AD accounts with 'wbinfo -u'? > Did you configure nsswitch.conf correctly? > If 'id "DOMAIN\user"' returns useful info about the user, your machine > is authenticating with AD correctly. > Also, ntpd needs to sync the time very closely with the domain. 'date ; > net time -w DOMAIN' should show times that are within seconds of each other. > > > Go back to the Samba HOWTO and review Ch. 24 and 29. Any text in the > HOWTO that mentions NT4 or PDC or BDC configuration is not for your > situation. > > Did you see my comments about winbind at the bottom of that message?
Toby: thanks for prompting me, I had missed those comments. I've configured nsswitch.conf hopefully correctly. And when I do wbinfo -t I get: the trust secret via RPC calls succeeded but only for the first five minutes after starting winbindd. After five minutes I get: checking the trust secret via RPC calls failed error code was (0x0) Could not check secret wbinfo -u does not work at any point. log.winbindd-idmap says: [2008/06/19 10:46:56, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(182) async_request_timeout_handler: child pid 21612 is not responding. Closing connection to it. [2008/06/19 10:46:56, 1] nsswitch/winbindd_util.c:trustdom_recv(229) Could not receive trustdoms Any more advice gratefully received. ----------------------------------------- Email sent from www.virginmedia.com/email Virus-checked using McAfee(R) Software and scanned for spam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
