[Samba] Samba 3: "restrict anonymous = 2" breaks domain joining

Marek Szuba scriptkiddie at wp.pl
Sun Dec 18 15:12:49 GMT 2005


Despite not having received any input on my last problem, I managed to
work it out and now I've finally got a working Linux PDC with ldapsam
and non-root domain admin. As it turned out, the problems were caused
by a combination of Samba settings, too tight security on Windows boxes
and, in the case of XP x64, a need for some patches against the Samba
source code; here I would like to ask a question about the former.

As it turned out, the setting which made me unable to join the domain
from the Linux box itself by calling "net -U domadm join DOMAIN" was
"restrict anonymous = 2". When it is set, executing the command fails
after a few seconds' delay even though the machine account gets added
to LDAP; when I change the number to 0 or 1, the command succeeds
immediately despite still showing the "no results from AD" warning I
mentioned in my previous message.

Considering what I'm trying to do here is talk to a Samba PDC (which
does support this setting) using Samba's native tool (which, logic
dictates, should support it too), this is kind of weird - especially
taking into account that one of my shares is set to "guest ok = yes"
ATM and that is said to nullify the effect of "restrict anonymous = 2".

What is the catch here?
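
A configuration check for the interaction mentioned in the message above ("guest ok = yes" on a share alongside "restrict anonymous = 2"), added here as an example; it is not part of the original post or of Samba. The sample smb.conf and the function names are constructed for illustration.

```python
import re

# Constructed sample smb.conf resembling the setup in the post (not the poster's file).
SAMPLE_CONF = """\
[global]
   workgroup = DOMAIN
   Restrict Anonymous = 2
; comment lines start with ';' or '#'
[homes]
   browseable = no
[scratch]
   guest ok = yes
[pub]
   public = true
"""

TRUE_VALUES = {"yes", "true", "1"}  # boolean spellings documented in smb.conf(5)

def norm(name):
    # Parameter and section names ignore case and whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalized parameter: value}}."""
    sections, current = {}, None
    text = re.sub(r"\\\n", "", text)  # join lines continued with a trailing backslash
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(norm(line[1:-1]), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections

def audit(text):
    """Report whether guest-accessible shares coexist with restrict anonymous = 2."""
    conf = parse_smb_conf(text)
    g = conf.get("global", {})
    level = int(g.get("restrictanonymous", "0"))  # Samba's default is 0
    default = g.get("guestok", g.get("public", "no"))  # [global] sets share defaults
    guest = sorted(s for s, p in conf.items() if s != "global"
                   and p.get("guestok", p.get("public", default)).lower() in TRUE_VALUES)
    return {"restrict_anonymous": level, "guest_shares": guest,
            "undermined": level == 2 and bool(guest)}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

"public" is handled because smb.conf(5) lists it as a synonym for "guest ok"; inline comments are not stripped because smb.conf only treats whole lines starting with ';' or '#' as comments.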


