[Samba] Annoying winbind problem solved

John H Terpstra jht at samba.org
Tue Nov 26 15:24:01 GMT 2002


On Tue, 26 Nov 2002, Peter S Scudamore wrote:

> I have been on the web for hours reading email postings about WINBIND.
> Here is the scenario. Samba 2.27 on Redhat 8, installed via the redhat
> RPMs. The first interesting note was that there is no samba-winbind rpm.
> It is a part of the samba-common.rpm in redhat. I have been using Samba
> as a file server for quite some time. And 100% of my issues with it stem
> from permission problems. So I heard about winbind. And it is even more
> poorly documented than Samba. So I checked the resources on samba.org, I
> had the libraries in the right place in /lib. I had previously rejoined
> the domain using #smbpasswd -j DOMAIN -r PDC -U NTDOMAINADMINACCOUNT
>
> I got the successfully joined the domain message. I checked the active
> directory on the win2k domain controller and verified that the computer
> account had been created...enter winbind:
>
> I launch the winbindd daemon. I perform wbinfo -t and get "the secret is
> good". I perform wbinfo -u and get 0x0c00000022 or something like that.
> wbinfo -g yields the same results. After running the winbindd daemon in
> various levels of debug all day and searching the web for the results, I
> found the answer! Performing the steps outlined in Tim Potter's email on
> the win2k domain controller resolves this issue. I am still unsure about
> which files to edit in /etc/pam.d
>
> The howto says to edit /etc/pam.d/*
>
> There are scores of files in there! Surely not.

Surely YES, but only for those files that you need to change/modify.

For example for access using NT user credentials:
	To log in at the Linux console, or X-Windows: login
	To log on using FTP: wu_ftp

Never modify any /etc/pam.d/* file unless you need to.

For an example of various possibilities refer to the samba source tarball:
	~samba/packaging/Caldera/OpenLinux/samba.pam

The options there commented out can be applied to the above, and to other
PAM config files as needed.

- John T.

>
>
> -----Original Message-----
> From: Tim Potter [mailto:tpot at samba.org]
> Sent: 27 October 2001 02:29
> To: samba-technical at lists.samba.org
> Cc: Roberto Sebastiano; Marc Anthony Pierre Barrette
> Subject: using winbind with Windows 2000 native mode
>
>
> I've just tracked down a problem running winbind against a
> Windows 2000 server running in native mode.  Microsoft has added
> a security restriction which disallows anonymous access to user
> lists and groups.
>
> To fix this run the following from a command prompt and then
> reboot (yes the reboot is required - sheesh):
>
> net localgroup "Pre-Windows 2000 Compatible Access" everyone /add
>
> I couldn't figure out how to do this from the Active Directory
> Users and Groups MMC thingy.  It didn't like the group Everyone
> for some reason.
>
>
> Tim.
>
>
> Peter S Scudamore CCNP, CCDP, MCP
> ATM/Fr Network Design
> TOUCHAMERICA
> off 720.493.2660
> mbl 303.358.8760
> efax 720.294.2363
> scud at tamerica.com
>
>
>

-- 
John H Terpstra
Email: jht at samba.org
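
An added example (not from this thread or from the Samba project): a shell audit for the advice above to change only the /etc/pam.d files you need. It lists the services whose PAM file activates pam_winbind.so (the winbind PAM module; the thread does not name it) either directly or one level down through pam_stack.so or an include line, and flags any service not on an allowlist. The function names and the allowlist are hypothetical, and following include lines goes beyond the Red Hat 8 case discussed here.

```shell
#!/bin/sh
# Audit which PAM services accept winbind (domain) credentials.
# Usage: unexpected_winbind_services /etc/pam.d "login wu_ftp"

# Succeeds if FILE has a line using pam_winbind.so whose first
# non-blank character is not '#' (i.e. the line is not commented out).
uses_winbind_directly() {
    grep -Eq '^[[:space:]]*[^#[:space:]].*pam_winbind\.so' "$1"
}

# Print the service names FILE pulls in through
# "pam_stack.so service=NAME" or "TYPE include NAME" lines.
stacked_services() {
    sed -n -E \
        -e '/^[[:space:]]*#/d' \
        -e 's/.*pam_stack\.so.*service=([^[:space:]]+).*/\1/p' \
        -e 's/^[[:space:]]*[a-z]+[[:space:]]+include[[:space:]]+([^[:space:]]+).*/\1/p' \
        "$1"
}

# Print "SERVICE direct" or "SERVICE via:OTHER" for every file in DIR
# that reaches pam_winbind.so. Only one level of stacking is followed.
winbind_services() {
    local dir="${1:-/etc/pam.d}" f svc dep
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        svc=$(basename "$f")
        if uses_winbind_directly "$f"; then
            echo "$svc direct"
            continue
        fi
        for dep in $(stacked_services "$f"); do
            if [ -f "$dir/$dep" ] && uses_winbind_directly "$dir/$dep"; then
                echo "$svc via:$dep"
                break
            fi
        done
    done
}

# Print the winbind-enabled services that are NOT in the
# space-separated allowlist given as the second argument.
unexpected_winbind_services() {
    local dir="$1" allowed=" $2 " svc how
    winbind_services "$dir" | while read -r svc how; do
        case "$allowed" in
            *" $svc "*) ;;
            *) echo "$svc ($how)" ;;
        esac
    done
}
```

A hit on a shared file such as system-auth matters most, because every service that stacks on it then accepts domain credentials as well.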



