winbindd problem
Tim Potter
tpot at samba.org
Thu Apr 11 16:10:01 GMT 2002
On Thu, Apr 11, 2002 at 12:47:08PM -0500, Esh, Andrew wrote:
> Here it is:
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q143474
>
> It's a key in the Registry called:
>
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous
>
> If it's not there (the default), anonymous logins are allowed.
Here's my collection of links on the subject:
http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP
http://www1.securityfocus.com/frames/?focus=microsoft&content=/focus/microsoft/nt/restrict.html
You can also use rpcclient to test whether it is turned on for a given
machine. Run rpcclient pdcname -U% -c querydispinfo. If you get an
error (hmm - haven't done it in a while so I can't remember the exact
name of it) then you probably have restrict anonymous set for that
machine. You can then run rpcclient with -Uusername%password and it should
work when the anonymous connection did not.
Hmm - maybe I should put a level 0 debug in the winbindd log file when
that particular error is encountered?
Tim.
More information about the samba-technical
mailing list