FW: [Samba] Winbind and Windows 2000

Brad Richins BRichins at lopezgarciagroup.com
Fri Jul 5 05:52:02 GMT 2002

-----Original Message-----
From: Juergen Hasch [mailto:Hasch at t-online.de] 
Sent: Thursday, July 04, 2002 15:15
To: Buchan Milne
Cc: samba at lists.samba.org
Subject: Re: [Samba] Winbind and Windows 2000

Am Donnerstag, 4. Juli 2002 12:48 schrieb Buchan Milne:

> > You can set a user for winbind to authenticate with:
> > 	wbinfo -A user%password
> But shouldn't winbind set this up to use the machine account? Or how
> this supposed to work? Does it need a user account?
> We are looking at streamlining the process of joining winbind
> and potential clients are very averse to enabling pre-Windows-2000
> compatible access.
> Or should we just have a wrapper around smbpasswd -j which grabs the
> username and password of a domain admin account, and uses that for
> wbinfo -A. Only problem is that this wouldn't work for pre-made
> accounts ....

You don't want to use your valuable domain admin account and store it
in a cleartext database. 

Either enable anonymous connect on the W2K machine or use an account
with less (or no) privileges.


My advice (and what I did) is to create a Domain account specifically
for Samba/Winbind authentication.  Same concept as creating an Exchange
service account or a SQL service account except you don't have to give
is special access rights.

To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list