w2k3 sp1 and 'security = domain'
Gerald (Jerry) Carter
jerry at samba.org
Fri Apr 8 04:36:54 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Volker,
This is what I found out tonight.
The issue: W2k3 sp1 now disallows anonymous
samr_connectX() connects (even with schannel).
To reproduce: join winbindd using 'security = domain'
to a Win2003 SP1 domain and then run 'wbinfo -u'.
Apparently to fix this in the current SAMBA_3_0 code you have
to use a non-anonymous connection *and* disable schannel.
Or maybe the schannel credentials take precedence over the
ones used to connect to IPC$. In either case, schannel
is not enough to get past the ACCESS_DENIED on the samr_connectX()
call.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCVgpmIR7qMdg1EfYRAjDlAKC//KxrArQlpfv+n82/jqGT//9s/wCg4dtq
yJPeCYZMgAELB0cwGIdO1u0=
=p6mD
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list