[Samba] RE: why does samba need "anonymous access enabled" on windows to join AD server?

egold at fsa.com egold at fsa.com
Tue Sep 28 17:17:06 GMT 2004





Ive asked this question several times but have not gotten an answer, can
anyone give me any clues or tell me where to read about this please?!


original post:

I noticed when trying to use a windows active directory server for my
"password server" that i cannot join the windows AD domain (using the net
join command) unless the windows server has "anonymous access enabled".
Why is this? I am trying to join as "administrator" so why does it need
anonymous?

My windows admins want to change all the windows AD servers to disable
anonymous access.

so my question is:

how can i get samba to use windows AD with anonymous access disabled?
why does samba need anonymous access?

im running solaris 8 and samba 3.0.7.

here is the error i get when anonymous access is turned off:



/usr/local/samba/lib# net join -w MYDOMAIN.com -S WINSERVER3 -U
Administrator
Password:

Unable to join domain FSA.



here is my smb.conf:

smb.conf:
[Global] parameters
        workgroup = MYDOMAIN
        wins support = Yes
        hosts allow = all
        encrypt passwords = Yes
        unix password sync = Yes
        passwd program = /usr/bin/passwd %u
        update encrypted = No
        lm announce = true
        log level = 2
# for AD passwords
#       password server = *
        password server = WINSERVER1 WINSERVER2
        security = domain
[export]
        path = /export
        comment = export
        browseable = yes
        writable = yes
        read only = No
        public = No








____________________________________
This e-mail message is for the sole use of the intended recipient(s) and
may contain proprietary, confidential and/or privileged information. Any
unauthorized review, use, disclosure or distribution is prohibited.  If you
are not the intended recipient (or an employee or agent responsible to
deliver it to the intended recipient), you may not copy or deliver this
message to anyone. In such case, you should destroy this message and kindly
notify the sender by reply e-mail.



More information about the samba mailing list