Hmmm... My NT admins assure me that they have had the annonymous restriction on for months. I wonder if when they are modifying the database, the restriction is nullified... OR, they could be removing the restriction momentarily for something else...
I will get a user/password from the NT admins and try from there. This is separate from the domain-join secret? Paul Orwig Pacific Life -----Original Message----- From: Richard Sharpe [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 11, 2002 10:47 AM To: Orwig, Paul Cc: 'MCCALL,DON (HP-USA,ex1)'; '[EMAIL PROTECTED]' Subject: RE: winbindd problem On Thu, 11 Apr 2002, Orwig, Paul wrote: > Just so I understand... > The fact that wbinfo -t replies with "secret is good" says that it is able > to talk to the domain controller and should be able to request users/group > listing. Right? Well, yes, but, as Tim pointed out in response to my erroneous statement, the fact that wbinfo -t says that the secret is good means that the trust account secrets stored in tdb are OK. winbindd uses anonymous connections to retrieve its information by default, unless you have told it a valid account and password on the DC[s]. In the presence of restrict-anonymous, this will not work, and if some of your DCs have restrict-anonymous set and some not, you may get intermittent failures. Regards ----- Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
