w2k3 sp1 and 'security = domain'

Gerald (Jerry) Carter jerry at samba.org
Fri Apr 8 04:36:54 GMT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Volker,

This is what I found out tonight.

	The issue:  W2k3 sp1 now disallows anonymous
	samr_connectX()	connects (even with schannel).

	To reproduce: join winbindd using 'security = domain'
	to a Win2003 SP1 domain and then run 'wbinfo -u'.

Apparently to fix this in the current SAMBA_3_0 code you have
to use a non-anonymous connection *and* disable schannel.
Or maybe the schannel credentials take precedence over the
ones used to connect to IPC$.  In either case, schannel
is not enough to get past the ACCESS_DENIED on the samr_connectX()
call.




cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCVgpmIR7qMdg1EfYRAjDlAKC//KxrArQlpfv+n82/jqGT//9s/wCg4dtq
yJPeCYZMgAELB0cwGIdO1u0=
=p6mD
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list