bug? Samba ADS member server does _not_ accept userid/pw but
only kerberos
Andrew Bartlett
abartlet at samba.org
Fri Feb 6 21:00:49 GMT 2004
On Sat, 2004-02-07 at 01:29, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Volker.Lendecke at SerNet.DE wrote:
> | On Thu, Feb 05, 2004 at 08:08:49PM +0100, Stefan Beck wrote:
> |
> |>I created two attachments with logs/dumps there.
> |>Please let me know if you need more data.
> |
> |
> | Just to make sure: You DC is named IWS82328? It denies
> | anonymous tconX to the IPC$ share, that's the symptom.
> | No idea why it does it.
>
> That's windows 2003 default policy. RestrictAnonymous == 2 IIRC.
>
> | As a workaround, could you try to run winbindd (not necessarily
> | nss_winbind) and give it a valid user/password with
> | 'wbinfo --set-auth-user=user%pass' to use to connect to the DC?
> | This user does not have to have any rights in the DC's file system,
> | it just needs a correct password.
>
> Try tridge's schannel patch just for kicks :-)
That won't help for RA=2, but it is why we try a kerberos bind to the
DC. It sounds like the issue might simply be local kerberos
configuration - does smbclient -k -Uuser%pass work?
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040207/a406d687/attachment.bin
More information about the samba-technical
mailing list