[Samba] restrict anonymous used wbinfo -A what next?
Andrew Bartlett
abartlet at samba.org
Sat Mar 15 12:28:37 GMT 2003
On Sat, 2003-03-15 at 00:37, Bobby Guerra wrote:
>
>
> I am trying to get samba to work with winbind and still have the DC (w2k)
> use restrict anonymous.
>
> If I run wbinfo -A it will allow me to enumerate all the user accounts and
> groups but I still get prompted for a password when I try to access samba
> shares. I can turn off restrict anonymous and I can access the samba box
> all day with no problem but as soon as I turn on restrict anonymous it
> breaks.
>
> Do I need to do anything other then wbinfo -A in order to get around
> restrict anonymous?
It sounds like you might have a very high level of 'restrict anonymous'
set on the DC, (that is 'restrictanonymous=2'). This breaks all
pre-win2k systems, and Samba's NTLM logins.
If you upgrade to Samba 3.0 alpha, we can use the winbindd connections
to get to the NETLOGON pipe, and authenticate NTLM logins (I hope), but
the real advantage is we get kerberos, which works much better anyway
:-)
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030315/73a02916/attachment.bin
More information about the samba
mailing list