IBM Support

Samba share prompts clearcase_albd for password upon access

Troubleshooting


Problem

This technote outlines troubleshooting steps for Samba when receiving permission denied errors on check out of an IBM® Rational® ClearCase® element in an interoperation (interop) environment.

Cause


A password prompt can occur when the Microsoft® Windows® domain controller hostname is not listed in the /etc/hosts file on the UNIX® (or Linux®) server that runs Samba.

Diagnosing The Problem

The Samba logs will show the error:

domain_client_validate: could not fetch trust account password for domain.

The Samba server must be able to communicate freely with the Windows domain controller in an interop setup.

Resolving The Problem

If permission denied errors appear when checking out elements in an interop environment with Samba, follow these steps to verify that the environment is set up correctly.

  1. Make sure the interop environment is set up correctly:
    • clearcase_albd must be mapped to the VOBADM account on UNIX. The VOBADM account is the UNIX account that owns all of the VOBs. To verify this, check the Samba username.map file:

      cat username.map
      VOBADM = clearcase_albd

      Note: It may be necessary to include the domain qualified username, like VOBADM = DOMAIN\clearcase_albd.

  2. Verify that the credmap output for the Windows user shows that the user is mapped correctly; refer to technote 1146784 for more details.

  3. Log in with a user's Windows account and confirm that the user can access the Samba shares and write to them without being prompted for a password. To test on Windows, open Windows Explorer and type the path to the Samba share in UNC format in the address bar:
    • \\hostname\vobstore

  4. Ensure that the smb.conf file is configured correctly:
      # Samba config file created using SWAT
      # from Sambahost (10.65.16.100)
      # Date: 2003/02/20 15:30:59

      # Global parameters
      [global]
      workgroup = WIN_DOMAIN
      netbios name = Samba_HOSTNAME
      security = DOMAIN
      encrypt passwords = Yes
      password server = WIN_DOMAIN_CONTROLER
      username map = /usr/local/Samba/lib/username.map
      local master = No
      domain master = False
      kernel oplocks = No
      oplocks = No
      level2 oplocks = No

      [vobs]
      path = /vobstore
      read only = No

      [views]
      path = /viewstore
      read only = No



      For more information and directions on modifying the smb.conf file, refer to the smb.conf man page.

  5. If the settings are correct, log on to a Windows host running Rational ClearCase with the Atria Location Broker Daemon (ALBD) user account, usually the clearcase_albd account, and try to access the Samba share. If a password prompt dialog box opens, refer to technote 1180096 for more details.

  6. Check the Samba logs for the following error:
    • domain_client_validate: could not fetch trust account password for domain

  7. Check the /etc/hosts file on the UNIX server where Samba is installed, regardless of whether an NIS domain is present. Make sure that the Windows domain controller is listed in the /etc/hosts file on the Samba server. A sample /etc/hosts file is shown below:
      $ cat /etc/hosts
      10.65.16.100    hostname hostname.domain.com

      In the above example, the IP address is that of the Windows domain controller. The "hostname" is the hostname of the Windows Domain Controller. The "hostname.domain.com" is the fully qualified domain name of the Windows Domain Controller.
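The file checks in steps 1, 4, 6 and 7 can be scripted. The shell functions below are an added example, not part of the original technote or of any IBM or Samba tooling; the function names are hypothetical, and every file path is passed as an argument rather than assumed.

```shell
# Added example: checks for steps 1, 4, 6 and 7. Function names are hypothetical.
# Print a [global] parameter from smb.conf. $1 = file, $2 = lower-case name.
smb_global_param() {
    awk -v key="$2" '
        /^[ \t]*\[/ { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        g && !/^[ \t]*[#;]/ && index($0, "=") {
            k = tolower(substr($0, 1, index($0, "=") - 1))
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Succeed if host $2 is a name or alias in hosts file $1 (case-insensitive).
host_in_hosts_file() {
    awk -v h="$2" '{ sub(/#.*/, "")
        for (i = 2; i <= NF; i++) if (tolower($i) == tolower(h)) found = 1 }
        END { exit !found }' "$1"
}

# Succeed if map file $1 maps Windows user $3 (DOMAIN\ prefix allowed) to $2.
user_mapped() {
    [ -f "$1" ] || return 1
    awk -F= -v unix="$2" -v win="$3" '!/^[ \t]*[#;]/ {
        u = $1; gsub(/[ \t]/, "", u); if (u != unix) next
        n = split($2, names, /[ \t]+/)
        for (i = 1; i <= n; i++) { w = names[i]; sub(/^.*\\/, "", w)
            if (tolower(w) == tolower(win)) ok = 1 } }
        END { exit !ok }' "$1"
}

# $1 smb.conf, $2 hosts file, $3 UNIX VOB owner, $4 Samba log (optional).
check_interop() {
    rc=0; set -f    # -f keeps a "*" entry in the password server list literal
    map=$(smb_global_param "$1" "username map")
    user_mapped "$map" "$3" clearcase_albd ||
        { echo "FAIL: clearcase_albd not mapped to $3 in '$map'"; rc=1; }
    servers=$(smb_global_param "$1" "password server" | tr ',' ' ')
    [ -n "$servers" ] || { echo "FAIL: no password server in $1"; rc=1; }
    for s in $servers; do
        [ "$s" = "*" ] || host_in_hosts_file "$2" "$s" || { echo "FAIL: $s not in $2"; rc=1; }
    done
    set +f
    if [ -n "$4" ] && grep -q 'could not fetch trust account password' "$4"
    then echo "WARN: trust account error logged in $4"; fi
    return $rc
}

if [ "$#" -ge 3 ]; then check_interop "$@"; fi
```

Saved under a name of your choice and run on the Samba server with the smb.conf path, /etc/hosts, the UNIX VOB owner account and optionally a Samba log file as arguments, it prints one FAIL line per missing mapping or hosts entry and exits non-zero if any check fails.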


    Document Information

    Modified date:
    29 September 2018

    UID

    swg21142762