Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-8306: Centrify-enabled samba not accessible due to error "NT_STATUS_CANT_ACCESS_DOMAIN_INFO"

22 June,18 at 09:59 PM

Problem:

Centrify enabled samba not accessible due to error "NT_STATUS_CANT_ACCESS_DOMAIN_INFO"

Getting below error on server while running command wbinfo -t
 
Checking the trust secret for domain ADS via RPC calls failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret


Cause:

In this case, the hostname was too long (19 characters) and therefore adbindproxy could not set or reset the machine secret in the secrets.tdb file. 15 characters is the limit.

From the log snippet below, the netbios name was trimmed to be 'REALLYLONG-HOST' from 'REALLYLONG-HOSTNAME'. When it tried to verify if the netbios name and the machine name matched, they did not. Therefore, it could not change the password in the secrets.tdb file.


Snippet from logs:

Jan 17 15:46:59 reallylong-hostname auth|security:debug adclient[7733478]: DEBUG <fd:18 set machine password > samba.libtdbso execSambaVersion: Returns 3.6.24-CDC-4.5.8-506
Jan 17 15:46:59 reallylong-hostname auth|security:debug adclient[7733478]: DEBUG <fd:18 set machine password > samba.libtdbso NETBIOS name is longer than 15 chars.Trim down the name to 'REALLYLONG-HOST'
Jan 17 15:46:59 reallylong-hostname auth|security:info adclient[7733478]: INFO <fd:18 set machine password > samba.interop Attempting interoperability with Samba version 3.6.24-CDC-4.5.8-506.
Jan 17 15:46:59 reallylong-hostname auth|security:debug adclient[7733478]: DEBUG <fd:18 set machine password > samba.interop SambaInterop:
Jan 17 15:46:59 reallylong-hostname auth|security:debug adclient[7733478]: DEBUG <fd:18 set machine password > samba.interop Centify adDomain name = ADS.ACME.COM
Jan 17 15:46:59 reallylong-hostname auth|security:debug adclient[7733478]: DEBUG <fd:18 set machine password > samba.interop Centrify host name = reallylong-hostname
[...]
Jan 17 15:46:59 reallylong-hostname auth|security:debug adclient[7733478]: DEBUG <fd:18 set machine password > samba.interop Samba NetBIOS Name = REALLYLONG-HOST
Jan 17 15:46:59 reallylong-hostname auth|security:debug adclient[7733478]: DEBUG <fd:18 set machine password > samba.interop Machine Acct Database = /etc/samba/private/secrets.tdb
[...]
Jan 17 15:46:59 reallylong-hostname auth|security:debug adclient[7733478]: DEBUG <fd:18 set machine password > samba.interop Samba Is Joined? = True
[...]
Jan 17 15:46:59 reallylong-hostname auth|security:debug adclient[7733478]: DEBUG <fd:18 set machine password > samba.interop Samba and Centrify Share Machine account? = False
Jan 17 15:46:59 reallylong-hostname auth|security:info adclient[7733478]: INFO <fd:18 set machine password > samba.interop Samba Join Status = Samba is joined to our AD domain using a different MACHINE account



Resolution:

Option 1:

a. Rename the server hostname to a something less than 19 characters.
b. Run adleave
c. Run re-adjoin to join the machine back to the zone.
d. Re-run adbindproxy.pl script. (/usr/share/centrifydc/bin/adbindproxy.pl)

or

Option 2: Set centrifydc.conf setting to allow Centrify agent to be able to handle 19 characters.

a. Login the Samba server as root
b. Run adleave command to leave zone
c. Set the following parameter in the file /etc/centrifydc/centrifydc.conf
adjoin.samaccountname.length: 19
d. Join the host to domain again by the adjoin command
e. Run the script adbindproxy.pl again
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.