Error Unable To Fetch Machine Password For In Domain Group
to fetch machine password for DLEL70$@ in domain

I'm new to SAMBA, so I apologize up front if I ask a dumb question! We upgraded from Solaris 8 (samba2.2.8a) to Solaris 10 and installed samba 3.2.4. When users tried to use samba, they got "Failed to open /usr/local/samba/private/secrets.tdb". I thought maybe the file just needed to be there, so I touched the new file into existence, and then they got this error: "ERROR: Unable to fetch machine password for DLEL70$@ in domain". The previous installation of 2.2.8a on Solaris 8 did not get these errors, and the /usr/local/samba/private directory was empty as well. Is there a way around this? Is there a parameter I need to set? Thanks!
Machine-level shares on Windows server

Hi, I have Samba 3.0.22 running on a VM-hosted Ubuntu 6.06, with the VM existing to host a Bugzilla server for our development team. I'd like to be able to periodically back up the MySQL database to a remote device on our domain. The PDC is Win2003 SBS (named simply "sbs"), & I have successfully got the "bugzilla" machine joined to the domain. The bugzilla computer shows up in the PDC's "Computers" list & all looks good (the "getent passwd|group" command works as expected, etc). However, what I'd like to do is use something like

    smbclient -c "put mysqlbackup.db" //sbs/backup

in a cron job WITHOUT having to perform a user logon. After all, the machine is already authenticated with the domain, right? I have set up a share on the SBS machine for the backup with the computer "backup" having R/W privileges to it. I've found that I can't access the share (or even get the list of shares as in the examples below) using the -P (--machine-password) switch, so I get the choice of

    $ smbclient -P -L //sbs
    Failed to open /var/lib/samba/secrets.tdb
    ERROR: Unable to open secrets database

or

    $ sudo smbclient -P -L //sbs
    ERROR: Unable to fetch machine password

I can't seem to find much documentation on using machine-level passwords without the topic being the Samba server acting as the PDC, so none seem really to apply here. What am I missing? Anyone?
Gerald Carter-4
Re: Machine-level shares on Windows server

Jeremy Evans wrote:
> I've found that I can't access the share (or even get the
> list of shares as in the examples below) using the -P
> (--machine-password) switch, so I get the choice of
>
> $ smbclient -P -L //sbs
> Failed to open /var/lib/samba/secrets.tdb
> ERROR: Unable to open secrets database

You don't appear to be root. Secrets.tdb is rw for root only.

cheers, jerry
--
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
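Both threads above come down to the state of secrets.tdb: missing, unreadable by a non-root caller, or present but empty after a touch. The following check is an added example, not code from either thread or from the Samba project; the helper name check_secrets_tdb is hypothetical, and it assumes a TDB database begins with the ASCII magic "TDB file".

```shell
#!/bin/sh
# Added example: classify the state of a Samba secrets.tdb file.
# check_secrets_tdb is a hypothetical helper name, not a Samba tool.
check_secrets_tdb() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "missing"        # matches "Failed to open .../secrets.tdb"
        return 0
    fi
    if [ ! -r "$f" ]; then
        echo "unreadable"     # typical for a non-root caller
        return 0
    fi
    if [ ! -s "$f" ]; then
        echo "empty"          # e.g. created with touch: no machine secret inside
        return 0
    fi
    # Assumption: a TDB database starts with the ASCII magic "TDB file".
    magic=$(head -c 8 "$f" | tr -d '\000')
    if [ "$magic" != "TDB file" ]; then
        echo "not-tdb"
        return 0
    fi
    # Characters 5-10 of the ls mode string are the group and other bits;
    # the file is meant to be read/write for root only.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "loose-perms"    # the stored secret is exposed to other users
        return 0
    fi
    echo "ok"
}

# Constructed usage: pass the path named in the error message, e.g.
# check_secrets_tdb /var/lib/samba/secrets.tdb
```

An "ok" result only says the file is a protected TDB database; it does not prove that a machine account secret for the domain is stored in it.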
will set up SAMBA as a CIFS server, and only that. It is assumed that users and clients log on against Kerberos and LDAP as described in previous documents. After users have received their Kerberos ticket, they can start using the SAMBA services. This means SAMBA has to honour connections with a valid ticket and deny all other access. The other goal is to have as much as possible centralized in LDAP, which means LDAP has to support SAMBA accounts. For this we need the samba.schema file included in the OpenLDAP configuration.

SAMBA on the network

I don't know about you, but I hate all the broadcasts and ports used by Windows networking systems, while all I need is a server that provides shares to the network. So for me only SMB over TCP/IP is sufficient. All that will be left out is:

    135 Microsoft compatible ONC DCE RPC services
    138 NetBIOS Datagram Service
    139 NetBIOS over TCP/IP

Also, since AD and SAMBA can work perfectly well with DNS, there is no need to use WINS (NetBIOS name services), so we will skip that.

Important Note

I have had some strange problems that were SELinux related. To prevent that from happening, make sure that SELinux is set to permissive on your SAMBA server:

    setenforce 0

If you later on get messages from smbclient telling you NT_STATUS_BAD_NETWORK_NAME, it might be SELinux that is not set to permissive. You have been warned.

Initial setup

Configure your host to use your LDAP and Kerberos server (on Red Hat based systems run authconfig-tui). Create the krb5.keytab file.

DNS support

Add to DNS:

    _ldap._tcp.dc._msdcs.EXAMPLE.COM SRV 0 0 389 ldap.example.com.

This entry is needed when we direct SAMBA to act as an ADS member server. Also add a DNS entry for your samba server. We also add an SRV record; although it will not be used, we make it a habit of adding those records:

    fs01        CNAME  larix
    larix       A      192.168.1.55
    _cifs._tcp  SRV    0 0 445 larix.example.com

LDAP support

Copy the samba3.schema to /etc/openldap/schema/

Add to slapd.conf:

    # Include samba support
    include /etc/openldap/schema/samba3.schema
    ...
    # Make sure no-one can read or write the samba password fields
    access to attr=sambaLMPassword,sambaNTPassword
        by * none
    ...
    # Create samba indexes
    index sambaSID eq
    index sambaPrimaryGroupSID eq
    index sambaDomainName eq
    index default sub

Make OpenLDAP work with the new settings:

    service ldap stop
    slapindex
    service ldap start

If you are like me and watch everything that goes over the line, you might notice that SAMBA tries to use CLDAP. CLDAP is LDAP over UDP, which is not supported in OpenLDAP anymore, but which is still used by Microsoft's Active Directory.

SIDs and RIDs

Before we add users and group