I set up 4 Sun X4540 servers running Solaris 10 and Samba v3.0.33. A
couple weeks back, one of the 4 stopped authenticating Windows AD
requests. I've tried removed it an adding it back to the domain, but
still no luck. The global config on the 4 servers is the same, only the
shares are different. When I first installed Samba on this server (and
everything was working), I didn't have to configure krb5.conf (nor have
I configured it on the other 3 servers). Now I had to configure it, and
can successfully add it back to the domain. The net ads status, net ads
testjoin, net rpc testjoin, and net rpc info all return correct info.
bash-3.00# net ads status
SSMKG's password:
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: sun234
distinguishedName: CN=sun234,OU=APS Servers,OU=Member
Servers,OU=Computers,OU=Enterprise,DC=enterprise,DC=pseg,DC=com
instanceType: 4
whenCreated: 20090725130337.0Z
whenChanged: 20090725140318.0Z
uSNCreated: 38669648
uSNChanged: 38670121
name: sun234
objectGUID: 69d15994-6242-459c-b8fb-3ef435872ae1
userAccountControl: 69632
badPwdCount: 1
codePage: 0
countryCode: 0
badPasswordTime: 128930252664255001
lastLogoff: 0
lastLogon: 128930250812259310
localPolicyFlags: 0
pwdLastSet: 128930006201336513
primaryGroupID: 515
objectSid: S-1-5-21-1876172974-742851678-1849977318-107306
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: sun234$
sAMAccountType: 805306369
dNSHostName: sun234.pseg.com
servicePrincipalName: HOST/sun234.pseg.com
servicePrincipalName: HOST/SUN234
objectCategory:
CN=Computer,CN=Schema,CN=Configuration,DC=enterprise,DC=pseg,DC=com
isCriticalSystemObject: FALSE
dSCorePropagationData: 20090725140318.0Z
dSCorePropagationData: 20090725140318.0Z
dSCorePropagationData: 20090725140318.0Z
dSCorePropagationData: 16010108151513.0Z
lastLogonTimestamp: 128930006201961501
bash-3.00# net ads testjoin
Join is OK
bash-3.00# net rpc testjoin
Join to 'ENTERPRISE' is OK
bash-3.00# net rpc info
Password:
Domain Name: ENTERPRISE
Domain SID: S-1-5-21-1876172974-742851678-1849977318
Sequence number: 1
Num users: 17819
Num domain groups: 8853
Num local groups: 827
But some of the wbinfo commands don't work. In particular, when I run
wbinfo -t, I get the following error:
bash-3.00# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret
How can I recover from this error? If I removed from domain, delete the
secrets.tbd file, and add back to domain will that resolve the issue? I
tried searching samba.org for help, but it appears the search engine is
currently unavailable.
********************************
Michael K. Gallagher
Lead Senior Consultant
PSEG Services Corporation - IT
80 Park Plaza, T15
Newark, NJ 07102
973-430-7945
973-430-5129 (fax)
michael.gallag...@pseg.com
-----------------------------------------
The information contained in this e-mail, including any
attachment(s), is intended solely for use by the named
addressee(s). If you are not the intended recipient, or a person
designated as responsible for delivering such messages to the
intended recipient, you are not authorized to disclose, copy,
distribute or retain this message, in whole or in part, without
written authorization from PSEG. This e-mail may contain
proprietary, confidential or privileged information. If you have
received this message in error, please notify the sender
immediately. This notice is included in all e-mail messages leaving
PSEG. Thank you for your cooperation.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
