winbindd: error opening lsa handle on dc
Paul Miller
paul at pinheiro.tcimet.net
Sat Jan 5 07:15:03 GMT 2002
ahh.. it seems that winbindd just tries to synchronize accounts with a win
server. I was hoping to have more administrative control of the user
groups, etc. from windows computers. I guess I have to wait until 3.0.
Is it possible to everyone into the a 'domain users' group, but have
greater control over the local computer, ie a 'power user'? Currently, I
put everyone into the domain admin group so that they'd have access to
install programs, etc. I don't like the idea that they can map other
computers admin shares (ie, \\computer\c$) without even a password. I
would like this all to happen with common/roaming profiles.
-Paul
On Sat, 5 Jan 2002, Andrew Bartlett wrote:
> Paul Miller wrote:
> >
> > I just started working on getting winbindd to work and I'm receiving the
> > following error regarding not begining able to open lsa handle on dc:
> >
> > (Samba 2.2.2-4 Debian package, latest Debian 'testing' distribution)
> >
>
> > --- partial smb.conf ---
> >
> > [global]
> >
> > domain admin group = @smbusers
> >
> > # identification
> > netbios name = PENGUIN
> > workgroup = HOME
> > server string = Server
> >
> > # domain (PDC)
> > security = user
> > os level = 250
> > domain master = yes
> > domain logons = yes
> > local master = yes
> > preferred master = yes
> > logon drive = H:
> > logon home = \\penguin\%u
> > logon path = \\penguin\profiles\%u
> > logon script = logon.bat
> >
> > # winbind
> > winbind separator = +
> > winbind cache time = 10
> > template shell = /bin/false
> > template homedir = /home/%D/%u
> > winbind uid = 10000-20000
> > winbind gid = 10000-20000
> >
> > # wins server
> > wins support = yes
> > name resolve order = wins lmhosts hosts bcast
> >
> > ... one thing I noticed about the previous winbindd posts was that they
> > all had 'security = domain' instead of user. I don't think I need to
> > change this parameter because I want Samba to be the PDC.
>
> So, is this machine a PDC or domain member?
>
> And if its a PDC, why are you running winbind?
>
> If its not a PDC, why have security = user?
>
> What role do you want winbind to play?
> --
> Andrew Bartlett abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team abartlet at samba.org
> Student Network Administrator, Hawker College abartlet at hawkerc.net
> http://samba.org http://build.samba.org http://hawkerc.net
>
More information about the samba
mailing list