Winbind issues

Mike Pain mtp at blaby.gov.uk
Fri Nov 23 08:56:02 GMT 2001


Several questions really (all on the stable 2.2.2 samba compiled with
winbind and acls (and Brandon Stone's recycle bin), with a 2.4.14 kernel
along with acls from acl.bestbits.at on a RedHat 7.2 box)...

1) Does anyone know how to stop the security event log on an NT PDC filling
up with lots of ANONYMOUS accesses to the Security Account Manager eg:

Object Open:
  Object Server: Security Account Manager
  Object Type: SAM_GROUP
  Object Name: DOMAINS\Account\Groups\0000045E
  New Handle ID: 1841992
  Operation ID: {0,70068560}
  Process ID: 2161235584
  Primary User Name: SYSTEM
  Primary Domain: NT AUTHORITY
  Primary Logon ID: (0x0,0x3E7)
  Client User Name:
  Client Domain:
  Client Logon ID: (0x0,0x2DD7)
  Accesses  READ_CONTROL
  ReadInformation
  ListMembers

  Privileges  -

I suspect it is winbind that is causing this as I have just started using it
and I have never seen this before.  The last part of the object name changes
every time, and there is then a corresponding Handle Closed entry.

2) If I change the default winbind separator from \ to + as suggested (I
agree that at the unix level the backslash is problematic with a shell) then
the Permissions tab on a file shows either a)No user/groupnames at all from
an NT4sp6a box or b)User/groupnames like domain+user or domain+group from a
Win9x box using the nexus sysadmin tools.  When using the \ the names appear
correctly on both boxes.  My C isn't up to changing this but surely
regardless of the separator used on the samba box, it should return a
backslash to the external client such that user/groupnames are displayed
correctly.

3) Also, is there an easy way of interrogating the winbind table that stores
the NT->UID lookup to get a complete list rather than a one by one
"getent passwd user"?

Thanks for any help to a winbind newcomer.

Mike







**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This message has been scanned for viruses.
Blaby District Council - 0116 275 0555
**********************************************************************





More information about the samba mailing list