[Samba] [fixed?] winbind authentication issue

Keith Howanitz kh at greenshire.com
Tue Sep 12 15:02:21 GMT 2006

I think I may have found the fix for this issue (it has been running for 3 
days without an error.)

I went through and manually checked each user and group on Windows NT4. 
There was one group I could not access:

MTS Trusted Impersonators

Searching I found this:

Basically, the group is invalid because the name is over the max length 
(which is 20 characters long). The account was created by Microsoft. The 
fix supposedly came with NT4 SP6, but that was installed on all of my NT4 
servers all ready, yet the account still existed. I could not delete or 
modify the account with the default tools. Luckily, I had previously 
installed the NT4 resource kit on one of the servers, and a text utility 
called addusers (addusers /?) was able to remove that account.

[addusers /d file.txt
write all users and groups to file.txt
then edit file to delete all the users and groups you do not wish to 
delete (leave headers intact) (i.e. remove all lines except for the ones 
in [] and the one beginning with MTS Trusted Impersonators)
then addusers /e file.txt will erase all users and groups in file.txt. The 
program only returns an answer on success - if it fails to do anything it 
is silent. (wonder how you samba guys keep any hair)

Hope this helps someone,

---------- Forwarded message ----------
Date: Thu, 7 Sep 2006 08:43:30 -0500 (CDT)
From: Keith Howanitz <kh at greenshire.com>
To: samba at lists.samba.org
Subject: winbind authentication issue


More information about the samba mailing list