Andrew Bartlett abartlet at
Mon Oct 27 22:36:18 GMT 2003

On Tue, 2003-10-28 at 04:06, Marc Kaplan wrote:
> Raphael,
> I would guess that your NT4 domain has RestrictAnonymous set. Check
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous.
> If that is set to 1, you need to run wbinfo
> --set-auth-user=administrator%administratorspw, and then restart winbindd.

NO, NO, NO!!!

That should be

You should *never* put an administrative user into this.  You should put
a user you don't care about, preferably one that you created just for
the purpose.  

If I see this 'advise' one more time, I'll put a special, load debug
watch in wbinfo on the string 'Administrator'...

We only do this to get around the fact that we cannot do NTLM logins as
our machine account.  In AD, we use or machine account and kerberos, to
avoid this mess.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list