[Samba] Annoying winbind problem solved

Gareth Davies gdavies at willowbrook.co.uk
Tue Nov 26 13:12:01 GMT 2002


You don't need to mess with PAM unless you want people to log on locally using their Domain l/p.

If you do you need to alter system-auth.

             Shaolin - IT Systems
                     WB Ltd.
.: http://www.security-forums.com :.


  ----- Original Message ----- 
  From: Peter S Scudamore 
  To: samba at lists.samba.org 
  Sent: Tuesday, November 26, 2002 8:06 AM
  Subject: [Samba] Annoying winbind problem solved


  I have been on the web for hours reading email postings about WINBIND. Here is the scenario. Samba 2.27 on Redhat 8, installed via the redhat RPMs. The first interesting note was that there is no samba-winbind rpm. It is a part of the samba-common.rpm in redhat. I have been using Samba as a file server for quite some time. And 100% of my issues with it stem from permission problems. So I heard about winbind. And it is even more poorly documented than Samba. So I checked the resources on samba.org, I had the libraries in the right place in /lib. I had previously rejoined the domain using #smbpasswd -j DOMAIN -r PDC -U NTDOMAINADMINACCOUNT

  I got the successfully joined the domain message. I checked the active directory on the win2k domain controller and verified that the computer account had been created...enter winbind:

  I launch the winbindd daemon. I perform wbinfo -t and get "the secret is good". I perform wbinfo -u and get 0x0c00000022 or something like that. wbinfo -g yields the same results. After running the winbindd daemon in various levels of debug all day and searching the web for the results, I found the answer! Performing the steps outlined in Tim Potter's email on the win2k domain controller resolves this issue. I am still unsure about which files to edit in /etc/pam.d.

  The howto says to edit /etc/pam.d/*

  There are scores of files in there! Surely not.


  -----Original Message-----
  From: Tim Potter [mailto:tpot at samba.org]
  Sent: 27 October 2001 02:29
  To: samba-technical at lists.samba.org
  Cc: Roberto Sebastiano; Marc Anthony Pierre Barrette
  Subject: using winbind with Windows 2000 native mode


  I've just tracked down a problem running winbind against a
  Windows 2000 server running in native mode.  Microsoft has added
  a security restriction which disallows anonymous access to user
  lists and groups.

  To fix this run the following from a command prompt and then
  reboot (yes the reboot is required - sheesh):

  net localgroup "Pre-Windows 2000 Compatible Access" everyone /add

  I couldn't figure out how to do this from the Active Directory
  Users and Groups MMC thingy.  It didn't like the group Everyone
  for some reason.


  Tim.


  Peter S Scudamore CCNP, CCDP, MCP
  ATM/Fr Network Design
  TOUCHAMERICA
  off 720.493.2660
  mbl 303.358.8760
  efax 720.294.2363
  scud at tamerica.com
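
On the /etc/pam.d question in this thread, an added example (not written by any poster here): on Red Hat style systems most service files delegate to system-auth, so altering that one file changes every service that stacks it, and the script below audits which ones. It assumes the "pam_stack.so service=system-auth" convention (or include/substack on newer releases); the function names are hypothetical and make_sample_pamd builds a constructed sample tree.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a Red Hat style /etc/pam.d where
# service files delegate to system-auth via "pam_stack.so service=system-auth"
# (older releases) or "include"/"substack system-auth" (newer ones).

# PAM types (auth, account, ...) in FILE that have an active pam_winbind.so line.
winbind_types() {
    awk '!/^[ \t]*#/ && /pam_winbind\.so/ { print $1 }' "$1" |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Service files in DIR that pull in system-auth, one name per line.
services_using_system_auth() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        [ "$(basename "$f")" = system-auth ] && continue
        grep -Eq '^[[:space:]]*[^#[:space:]].*(service=system-auth|(include|substack)[[:space:]]+system-auth)([[:space:]]|$)' "$f" &&
            basename "$f"
    done
    return 0
}

# Report where domain credentials would be accepted.
# Returns 1 when system-auth has no active pam_winbind.so line.
audit_pam_winbind() {
    dir=${1:-/etc/pam.d}
    types=$(winbind_types "$dir/system-auth")
    [ -n "$types" ] || { echo "system-auth: pam_winbind.so not configured"; return 1; }
    echo "system-auth: pam_winbind.so active for: $types"
    echo "inherited by: $(services_using_system_auth "$dir" | tr '\n' ' ' | sed 's/ $//')"
}

# Constructed sample tree (audit input only, not a recommended stack).
make_sample_pamd() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#%PAM-1.0' \
        'auth     required   pam_env.so' \
        'auth     sufficient pam_winbind.so' \
        'auth     sufficient pam_unix.so use_first_pass' \
        'auth     required   pam_deny.so' \
        'account  sufficient pam_winbind.so' \
        'account  required   pam_unix.so' >"$d/system-auth"
    printf '%s\n' 'auth required pam_stack.so service=system-auth' >"$d/login"
    cp "$d/login" "$d/sshd"
    printf '%s\n' '# auth required pam_stack.so service=system-auth' \
        'auth required pam_deny.so' >"$d/other"
    echo "$d"
}
```

Try it with audit_pam_winbind "$(make_sample_pamd)", or run audit_pam_winbind with no argument to inspect the live /etc/pam.d.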
   
