[Samba] restrict anonymous Solved Thanks!

Bobby Guerra bguerra at dtr-software.com
Mon Mar 17 17:16:17 GMT 2003

Andrew and Jerry

   That was my problem.  I knew of restrict anonymous 1 but not of 2.  Jerry
and Andrew thanks for all your help you got me to my goal!

Bobby Guerra

P.S. What's your favorite drink?

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Saturday, March 15, 2003 7:29 AM
To: bguerra at dtr-software.com
Cc: samba at lists.samba.org
Subject: Re: [Samba] restrict anonymous used wbinfo -A what next?

On Sat, 2003-03-15 at 00:37, Bobby Guerra wrote:
> I am trying to get samba to work with winbind and still have the DC (w2k)
> use restrict anonymous.
> If I run wbinfo -A it will allow me to enumerate all the user accounts and
> groups but I still get prompted for a password when I try to access samba
> shares.  I can turn off restrict anonymous and I can access the samba box
> all day with no problem but as soon as I turn on restrict anonymous it
> breaks.
>  Do I need to do anything other then wbinfo -A in order to get around
> restrict anonymous?

It sounds like you might have a very high level of 'restrict anonymous'
set on the DC, (that is 'restrictanonymous=2').  This breaks all
pre-win2k systems, and Samba's NTLM logins.

If you upgrade to Samba 3.0 alpha, we can use the winbindd connections
to get to the NETLOGON pipe, and authenticate NTLM logins (I hope), but
the real advantage is we get kerberos, which works much better anyway

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list