[Samba] Annoying winbind problem solved

Peter S Scudamore scud at geekstuph.com
Tue Nov 26 08:07:00 GMT 2002


I have been on the web for hours reading email postings about WINBIND.
Here is the scenario. Samba 2.27 on Redhat 8, installed via the Redhat
RPMs. The first interesting note was that there is no samba-winbind rpm.
It is a part of the samba-common.rpm in Redhat. I have been using Samba
as a file server for quite some time. And 100% of my issues with it stem
from permission problems. So I heard about winbind. And it is even more
poorly documented than Samba. So I checked the resources on samba.org. I
had the libraries in the right place in /lib. I had previously rejoined
the domain using #smbpasswd -j DOMAIN -r PDC -U NTDOMAINADMINACCOUNT
 
I got the "successfully joined the domain" message. I checked the active
directory on the win2k domain controller and verified that the computer
account had been created...enter winbind:
 
I launch the winbindd daemon. I perform wbinfo -t and get "the secret is
good". I perform wbinfo -u and get 0x0c00000022 or something like that.
wbinfo -g yields the same results. After running the winbindd daemon in
various levels of debug all day and searching the web for the results, I
found the answer! Performing the steps outlined in Tim Potter's email on
the win2k domain controller resolves this issue. I am still unsure about
which files to edit in /etc/pam.d.
 
The howto says to edit /etc/pam.d/*
 
There are scores of files in there! Surely not.
 
 
-----Original Message-----
From: Tim Potter [mailto:tpot at samba.org]
Sent: 27 October 2001 02:29
To: samba-technical at lists.samba.org
Cc: Roberto Sebastiano; Marc Anthony Pierre Barrette
Subject: using winbind with Windows 2000 native mode


I've just tracked down a problem running winbind against a
Windows 2000 server running in native mode.  Microsoft has added
a security restriction which disallows anonymous access to user
lists and groups.

To fix this run the following from a command prompt and then
reboot (yes the reboot is required - sheesh):

net localgroup "Pre-Windows 2000 Compatible Access" everyone /add

I couldn't figure out how to do this from the Active Directory
Users and Groups MMC thingy.  It didn't like the group Everyone
for some reason.


Tim.
 
 
Peter S Scudamore CCNP, CCDP, MCP
ATM/Fr Network Design
TOUCHAMERICA
off 720.493.2660
mbl 303.358.8760
efax 720.294.2363
scud at tamerica.com