FW: [Samba] Winbind and Windows 2000

Brad Richins BRichins at lopezgarciagroup.com
Fri Jul 5 05:52:02 GMT 2002


-----Original Message-----
From: Juergen Hasch [mailto:Hasch at t-online.de] 
Sent: Thursday, July 04, 2002 15:15
To: Buchan Milne
Cc: samba at lists.samba.org
Subject: Re: [Samba] Winbind and Windows 2000

Am Donnerstag, 4. Juli 2002 12:48 schrieb Buchan Milne:

> > You can set a user for winbind to authenticate with:
> > 	wbinfo -A user%password
>
> But shouldn't winbind set this up to use the machine account? Or how
is
> this supposed to work? Does it need a user account?
>
> We are looking at streamlining the process of joining winbind
machines,
> and potential clients are very averse to enabling pre-Windows-2000
> compatible access.
>
> Or should we just have a wrapper around smbpasswd -j which grabs the
> username and password of a domain admin account, and uses that for
> wbinfo -A. Only problem is that this wouldn't work for pre-made
machine
> accounts ....
>

You don't want to use your valuable domain admin account and store it
in a cleartext database. 

Either enable anonymous connect on the W2K machine or use an account
with less (or no) privileges.

...Juergen

My advice (and what I did) is to create a Domain account specifically
for Samba/Winbind authentication.  Same concept as creating an Exchange
service account or a SQL service account except you don't have to give
is special access rights.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba




More information about the samba mailing list