FW: [Samba] Winbind and Windows 2000
Brad Richins
BRichins at lopezgarciagroup.com
Fri Jul 5 05:52:02 GMT 2002
-----Original Message-----
From: Juergen Hasch [mailto:Hasch at t-online.de]
Sent: Thursday, July 04, 2002 15:15
To: Buchan Milne
Cc: samba at lists.samba.org
Subject: Re: [Samba] Winbind and Windows 2000
Am Donnerstag, 4. Juli 2002 12:48 schrieb Buchan Milne:
> > You can set a user for winbind to authenticate with:
> > wbinfo -A user%password
>
> But shouldn't winbind set this up to use the machine account? Or how
is
> this supposed to work? Does it need a user account?
>
> We are looking at streamlining the process of joining winbind
machines,
> and potential clients are very averse to enabling pre-Windows-2000
> compatible access.
>
> Or should we just have a wrapper around smbpasswd -j which grabs the
> username and password of a domain admin account, and uses that for
> wbinfo -A. Only problem is that this wouldn't work for pre-made
machine
> accounts ....
>
You don't want to use your valuable domain admin account and store it
in a cleartext database.
Either enable anonymous connect on the W2K machine or use an account
with less (or no) privileges.
...Juergen
My advice (and what I did) is to create a Domain account specifically
for Samba/Winbind authentication. Same concept as creating an Exchange
service account or a SQL service account except you don't have to give
is special access rights.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list