Winbind on Solaris 2.6

Dean Ward wardd at thewinesociety.com
Thu Dec 20 13:28:40 GMT 2001


Dear All,

Problem found - our domain controllers have the RestrictAnonymous setting in
their registries (HKLM\CurrentControlSet\Control\LSA, RestrictAnonymous
DWORD) to prevent anonymous users getting access to account information. I'm
not sure whether I should enable this on the production domain controllers
as the ability to enumerate users anonymously is somewhat of a security risk
- is there a need to enumerate users and groups simply to do authentication
using Winbind (I've not got that far yet :)

Kind Regards,

Dean Ward
Info Systems
The Wine Society

> -----Original Message-----
> From:	Gerald (Jerry) Carter [SMTP:jerry at samba.org]
> Sent:	20 December 2001 17:48
> To:	Dean Ward
> Cc:	'samba at lists.samba.org'
> Subject:	RE: Winbind on Solaris 2.6
> 
> On Thu, 20 Dec 2001, Dean Ward wrote:
> 
> > It would appear that communication with the PDC is fine - all other
> commands
> > (-t, -m, -s SID, -n name, etc.) work OK, it's just the group/user
> > enumeration calls that appear to fail. Has anybody got any ideas
> whatsoever
> > - I think it has to be a problem on the NT PDC side as, according to the
> > debug log at level 10:
> >
> > 000018 samr_io_r_query_dispinfo
> >     0018 total_size  : 00000000
> >     001c data_size   : 00000000
> >     0020 switch_level: 0001
> >     0024 num_entries : 00000000
> >     0028 ptr_entries : 00000000
> >     002c status: c0000022
>                    ^^^^^^^^
> This is NT_STATUS_ACCESS_DENIED.  Hope this helps.
> 
> > No entries are returned from the NetQueryDisplayInformation RPC...
> 
> 
> 
> 
> chau, jerry
>  ---------------------------------------------------------------------
>  Hewlett-Packard                                     http://www.hp.com
>  SAMBA Team                                       http://www.samba.org
>  --                                            http://www.plainjoe.org
>  "Sam's Teach Yourself Samba in 24 Hours" 2ed.      ISBN 0-672-32269-2
>  --"I never saved anything for the swim back." Ethan Hawk in Gattaca--




More information about the samba mailing list