----- Original Message ----- From: "Chere Zhou" <[EMAIL PROTECTED]> To: "Scott Prive" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, March 11, 2003 4:49 PM Subject: Re: How to verify the domain secret is good or bad?
> On Tuesday 11 March 2003 01:23 pm, Scott Prive wrote: > > ----- Original Message ----- > > From: "Chere Zhou" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > Sent: Tuesday, March 11, 2003 3:40 PM > > Subject: How to verify the domain secret is good or bad? > > > > > I know there is the command "wbinfo -t". But when it says that "could > > > not check secret", how do I know it's the secret is bad, or something > > > else > > > > wrong, > > > > > like winbind went crazy maybe? > > > > > > Also, sometimes I saw problems like "wbinfo -t" just says "secret is > > > bad", when all the daemons were running. It sure was good at some point > > > before. > > > > > > So my question is, in what condition that the secret can go bad? How do > > > I check it? > > > > The pdc-secret thing is something I don't completely understand, but I *do* > > know that secret-testing is done loosely over the network. A bad secret > > does not mean conclusively that the secret is bad... it means that the test > > was not successful. So you can get "secret is bad" if for example the > > network is congested, etc. and the compare did not occur in time. > > > > Sometimes I've joined a domain and still got this error. If I wait 60 > > seconds are re-run wbinfo -t, I get a 'secret is good'. > > > > Also, I believe the secret can go bad if you change hostname or some other > > info. I'm not entirely sure what all the possible failures are. > > > > -Scott > > So, if I do not do anything like change hostname, ip or anything like that, > my secret should potentially always be good? That's good to know. I'm not sure about a lot of things, so don't make any bets on my advice OK? :-) "always"? For the short term, I believe that is true... a working secret stays valid so long as you don't "change things". I do not know exactly know what all the possible triggers are for invalidating your secret. Secrets may have an expiration date (so you can't say 'always'), but if there is a use-by date, I do not know what it is. Someone else might. -Scott -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba