[Samba] [fixed?] winbind authentication issue
Keith Howanitz
kh at greenshire.com
Tue Sep 12 15:02:21 GMT 2006
I think I may have found the fix for this issue (it has been running for 3
days without an error.)
I went through and manually checked each user and group on Windows NT4.
There was one group I could not access:
MTS Trusted Impersonators
Searching I found this:
http://ask.support.microsoft.com/kb/181775/
Basically, the group is invalid because the name is over the max length
(which is 20 characters long). The account was created by Microsoft. The
fix supposedly came with NT4 SP6, but that was installed on all of my NT4
servers all ready, yet the account still existed. I could not delete or
modify the account with the default tools. Luckily, I had previously
installed the NT4 resource kit on one of the servers, and a text utility
called addusers (addusers /?) was able to remove that account.
[addusers /d file.txt
write all users and groups to file.txt
then edit file to delete all the users and groups you do not wish to
delete (leave headers intact) (i.e. remove all lines except for the ones
in [] and the one beginning with MTS Trusted Impersonators)
then addusers /e file.txt will erase all users and groups in file.txt. The
program only returns an answer on success - if it fails to do anything it
is silent. (wonder how you samba guys keep any hair)
Hope this helps someone,
-Keith
---------- Forwarded message ----------
Date: Thu, 7 Sep 2006 08:43:30 -0500 (CDT)
From: Keith Howanitz <kh at greenshire.com>
To: samba at lists.samba.org
Subject: winbind authentication issue
[SNIP]
More information about the samba
mailing list