bug? Samba ADS member server does _not_ accept userid/pw but only kerberos

Andrew Bartlett abartlet at samba.org
Fri Feb 6 21:00:49 GMT 2004

On Sat, 2004-02-07 at 01:29, Gerald (Jerry) Carter wrote:
> Hash: SHA1
> Volker.Lendecke at SerNet.DE wrote:
> | On Thu, Feb 05, 2004 at 08:08:49PM +0100, Stefan Beck wrote:
> |
> |>I created two attachments with logs/dumps there.
> |>Please let me know if you need more data.
> |
> |
> | Just to make sure: You DC is named IWS82328? It denies
> | anonymous tconX to the IPC$ share, that's the symptom.
> | No idea why it does it.
> That's windows 2003 default policy.  RestrictAnonymous == 2 IIRC.
> | As a workaround, could you try to run winbindd (not necessarily
> | nss_winbind) and give it a valid user/password with
> | 'wbinfo --set-auth-user=user%pass' to use to connect to the DC?
> | This user does not have to have any rights in the DC's file system,
> | it just needs a correct password.
> Try tridge's schannel patch just for kicks :-)

That won't help for RA=2, but it is why we try a kerberos bind to the
DC.  It sounds like the issue might simply be local kerberos
configuration - does smbclient -k -Uuser%pass work?

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040207/a406d687/attachment.bin

More information about the samba-technical mailing list