winbindd problem

Richard Sharpe rsharpe at
Thu Apr 11 10:02:02 GMT 2002

On Thu, 11 Apr 2002, Orwig, Paul wrote:

> Hmmm...
> My NT admins assure me that they have had the anonymous restriction on for
> months.
> I wonder if when they are modifying the database, the restriction is
> nullified...
> OR, they could be removing the restriction momentarily for something else...

I don't know :-)

> I will get a user/password from the NT admins and try from there. This is
> separate from the domain-join secret?

Yes, it is separate ... check the code in samba/source/nsswitch ...

You use wbinfo to store the extra info in the secrets TDB ... However, as 
I say, this is only possible with a recent version of Samba 2.2.x.

Secondly, it might simply be that there is a problem on HP/UX. 

A network trace would be useful. You could restrict the packets you supply
to only the winbindd stuff using Ethereal and its ability to save only some
packets etc.

> Paul Orwig
> Pacific Life
> -----Original Message-----
> From: Richard Sharpe [mailto:rsharpe at]
> Sent: Thursday, April 11, 2002 10:47 AM
> To: Orwig, Paul
> Cc: 'MCCALL,DON (HP-USA,ex1)'; 'samba-technical at'
> Subject: RE: winbindd problem
> On Thu, 11 Apr 2002, Orwig, Paul wrote:
> > Just so I understand...
> > The fact that wbinfo -t replies with "secret is good" says that it is able
> > to talk to the domain controller and should be able to request users/group
> > listing. Right?
> Well, yes, but, as Tim pointed out in response to my erroneous statement, 
> the fact that wbinfo -t says that the secret is good means that the trust 
> account secrets stored in tdb are OK.
> winbindd uses anonymous connections to retrieve its information by 
> default, unless you have told it a valid account and password on the 
> DC[s].
> In the presence of restrict-anonymous, this will not work, and if some of 
> your DCs have restrict-anonymous set and some not, you may get 
> intermittent failures.
> Regards
> -----
> Richard Sharpe, rsharpe at, rsharpe at, 
> sharpe at

Richard Sharpe, rsharpe at, rsharpe at, 
sharpe at
