[Samba] restrict anonymous used wbinfo -A what next?

Andrew Bartlett abartlet at samba.org
Sat Mar 15 12:28:37 GMT 2003

On Sat, 2003-03-15 at 00:37, Bobby Guerra wrote:
> I am trying to get samba to work with winbind and still have the DC (w2k)
> use restrict anonymous.
> If I run wbinfo -A it will allow me to enumerate all the user accounts and
> groups but I still get prompted for a password when I try to access samba
> shares.  I can turn off restrict anonymous and I can access the samba box
> all day with no problem but as soon as I turn on restrict anonymous it
> breaks.
>  Do I need to do anything other then wbinfo -A in order to get around
> restrict anonymous?

It sounds like you might have a very high level of 'restrict anonymous'
set on the DC, (that is 'restrictanonymous=2').  This breaks all
pre-win2k systems, and Samba's NTLM logins.

If you upgrade to Samba 3.0 alpha, we can use the winbindd connections
to get to the NETLOGON pipe, and authenticate NTLM logins (I hope), but
the real advantage is we get kerberos, which works much better anyway

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030315/73a02916/attachment.bin

More information about the samba mailing list