[Samba] Re: wbinfo --set-auth-user & Win2K3

C.Lee Taylor leet at leenx.co.za
Wed Oct 15 18:00:12 GMT 2003

>> wbinfo --set-auth-user=Administrator%password ????
> NEVER do this.
>There is never a good reason to do this.  The wbinfo command is for NT4
>trusted domains, that are running 'restrict anonymous'.  If you are
>joined with ADS, and there are ADS trusts to these machines, then Samba
>can use kerberos, and never needs a 'wbinfo' user.
	Would this mean that if we have done kinit -V AdminUser at EXAMPLE.NET,
we should be able to join the domain without providing a password using the
same user?

>Even when you do need a 'wbinfo user', it does not need any special
>powers - only those given to *every* user.  So add a new, boring,
>unprivileged user.
	We have been testing against a Windows2003 server, and don't
get any user lists ( wbinfo -u ) unless we set auth user ... does
this mean something is not correctly setup on our Samba3 server?

>That password is stored clear-text, in secrets.tdb.
	I know this, but it's not any worse than smbpasswd -w secret, is it?


More information about the samba mailing list