winbindd: error opening lsa handle on dc

Paul Miller paul at pinheiro.tcimet.net
Sat Jan 5 07:15:03 GMT 2002 

ahh.. it seems that winbindd just tries to synchronize accounts with a win
server.  I was hoping to have more administrative control of the user
groups, etc. from windows computers.  I guess I have to wait until 3.0.

Is it possible to everyone into the a 'domain users' group, but have
greater control over the local computer, ie a 'power user'?  Currently, I
put everyone into the domain admin group so that they'd have access to
install programs, etc.  I don't like the idea that they can map other
computers admin shares (ie, \\computer\c$) without even a password.  I
would like this all to happen with common/roaming profiles.

-Paul


On Sat, 5 Jan 2002, Andrew Bartlett wrote:

> Paul Miller wrote:
> > 
> > I just started working on getting winbindd to work and I'm receiving the
> > following error regarding not begining able to open lsa handle on dc:
> > 
> > (Samba 2.2.2-4 Debian package, latest Debian 'testing' distribution)
> > 
> 
> > --- partial smb.conf ---
> > 
> > [global]
> > 
> > domain admin group = @smbusers
> > 
> > # identification
> >     netbios name = PENGUIN
> >     workgroup = HOME
> >     server string = Server
> > 
> > # domain (PDC)
> >     security = user
> >     os level = 250
> >     domain master = yes
> >     domain logons = yes
> >     local master = yes
> >     preferred master = yes
> >     logon drive = H:
> >     logon home = \\penguin\%u
> >     logon path = \\penguin\profiles\%u
> >     logon script = logon.bat
> > 
> > # winbind
> >     winbind separator = +
> >     winbind cache time = 10
> >     template shell = /bin/false
> >     template homedir = /home/%D/%u
> >     winbind uid = 10000-20000
> >     winbind gid = 10000-20000
> > 
> > # wins server
> >     wins support = yes
> >     name resolve order = wins lmhosts hosts bcast
> > 
> > ... one thing I noticed about the previous winbindd posts was that they
> > all had 'security = domain' instead of user.  I don't think I need to
> > change this parameter because I want Samba to be the PDC.
> 
> So, is this machine a PDC or domain member?
> 
> And if its a PDC, why are you running winbind? 
> 
> If its not a PDC, why have security = user?
> 
> What role do you want winbind to play?
> -- 
> Andrew Bartlett                                 abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> Student Network Administrator, Hawker College   abartlet at hawkerc.net
> http://samba.org     http://build.samba.org     http://hawkerc.net
>

More information about the samba mailing list