winbindd problem
Richard Sharpe
rsharpe at ns.aus.com
Thu Apr 11 10:02:02 GMT 2002
On Thu, 11 Apr 2002, Orwig, Paul wrote:
> Hmmm...
> My NT admins assure me that they have had the annonymous restriction on for
> months.
> I wonder if when they are modifying the database, the restriction is
> nullified...
> OR, they could be removing the restriction momentarily for something else...
I don't know :-)
> I will get a user/password from the NT admins and try from there. This is
> separate from the domain-join secret?
Yes, it is separate ... check the code in samba/source/nsswitch ...
You use wbinfo to store the extra info in the secrets TDB ... However, as
I say, this is only possible with a recent version of Samba 2.2.x.
Secondly, it might simply be that there is a problem on HP/UX.
A network trace would be useful. You could restrict the packets you supply
to only the winbindd stuff using Ethereal and its ability save only some
packets etc.
> Paul Orwig
> Pacific Life
>
> -----Original Message-----
> From: Richard Sharpe [mailto:rsharpe at ns.aus.com]
> Sent: Thursday, April 11, 2002 10:47 AM
> To: Orwig, Paul
> Cc: 'MCCALL,DON (HP-USA,ex1)'; 'samba-technical at lists.samba.org'
> Subject: RE: winbindd problem
>
>
> On Thu, 11 Apr 2002, Orwig, Paul wrote:
>
> > Just so I understand...
> > The fact that wbinfo -t replies with "secret is good" says that it is able
> > to talk to the domain controller and should be able to request users/group
> > listing. Right?
>
> Well, yes, but, as Tim pointed out in response to my erroneous statement,
> the fact that wbinfo -t says that the secret is good means that the trust
> account secrets stored in tdb are OK.
>
> winbindd uses anonymous connections to retrieve its information by
> default, unless you have told it a valid account and password on the
> DC[s].
>
> In the presence of restrict-anonymous, this will not work, and if some of
> your DCs have restrict-anonymous set and some not, you may get
> intermittent failures.
>
> Regards
> -----
> Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
> sharpe at ethereal.com
>
--
Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com
More information about the samba-technical
mailing list