Troubleshooting
Problem
This technote outlines troubleshooting steps for Samba when receiving permission denied errors on check out of an IBM® Rational® ClearCase® element in an interoperation (interop) environment.
Cause
A password prompt can occur when the Microsoft® Windows® domain controller hostname is not listed in the /etc/hosts file on the UNIX® (or Linux®) server that runs Samba.
Diagnosing The Problem
The Samba logs will show the error:
domain_client_validate: could not fetch trust account password for domain.
The Samba server must be able to communicate freely with the Windows domain controller in an interop setup.
Resolving The Problem
If permission denied errors appear when checking out elements in an interop environment with Samba, the following steps should be followed to verify that this environment has been correctly set up.
- Make sure the interop environment is set up correctly:
- clearcase_albd must be mapped to the VOBADM account on UNIX. The VOBADM account is the UNIX account that owns all of the VOBs. To verify this, check the Samba username.map file:
cat username.map
VOBADM = clearcase_albd
Note: It may be necessary to include the domain qualified username, like VOBADM = DOMAIN\clearcase_albd.
- Verify that the Windows user's credmap output shows users are mapping over correctly; refer to technote 1146784 for more details.
- Logging in with a user's Windows account, confirm the user can access the Samba shares as well as write in the Samba shares without being prompted for a password. To test on Windows, open Windows Explorer and in the address bar type the path to the Samba share in UNC format:
- \\hostname\vobstore
- Ensure that the Samba.conf file is configured correctly:
- # Samba config file created using SWAT
# from Sambahost (10.65.16.100)
# Date: 2003/02/20 15:30:59
# Global parameters
[global]
workgroup = WIN_DOMAIN
netbios name = Samba_HOSTNAME
security = DOMAIN
encrypt passwords = Yes
password server = WIN_DOMAIN_CONTROLER
username map = /usr/local/Samba/lib/username.map
local master = No
domain master = False
kernel oplocks = No
oplocks = No
level2 oplocks = No
[vobs]
path = /vobstore
read only = No
[views]
path = /viewstore
read only = No
For more information and directions on modifying the smb.conf file, refer to the smb.conf man page.
- If the settings are found to be correct, log onto a Windows host running Rational ClearCase with the Atria Location Broker Daemon (ALBD) user account; usually the clearcase_albd account. Try to access the Samba share. When attempting to do if a password prompt dialogue box opens, then refer to technote 1180096 for more details.
- Check the Samba logs for the following error:
- domain_client_validate: could not fetch trust account password for domain
- Check the /etc/hosts file on the UNIX server where Samba is installed regardless of the presence of an NIS domain or not. Make sure that the Windows domain controller server is added to the /etc/hosts file on the Samba server. A sample /etc/hosts file below:
- $cat /etc/hosts
10.65.16.100 hostname hostname.domain.com
In the above example, the IP address is that of the Windows domain controller. The "hostname" is the hostname of the Windows Domain Controller. The "hostname.domain.com" is the fully qualified domain name of the Windows Domain Controller.
Was this topic helpful?
Document Information
Modified date:
29 September 2018
UID
swg21142762