On Thu, 11 Apr 2002, Orwig, Paul wrote: > Hmmm... > My NT admins assure me that they have had the annonymous restriction on for > months. > I wonder if when they are modifying the database, the restriction is > nullified... > OR, they could be removing the restriction momentarily for something else...
I don't know :-) > I will get a user/password from the NT admins and try from there. This is > separate from the domain-join secret? Yes, it is separate ... check the code in samba/source/nsswitch ... You use wbinfo to store the extra info in the secrets TDB ... However, as I say, this is only possible with a recent version of Samba 2.2.x. Secondly, it might simply be that there is a problem on HP/UX. A network trace would be useful. You could restrict the packets you supply to only the winbindd stuff using Ethereal and its ability save only some packets etc. > Paul Orwig > Pacific Life > > -----Original Message----- > From: Richard Sharpe [mailto:[EMAIL PROTECTED]] > Sent: Thursday, April 11, 2002 10:47 AM > To: Orwig, Paul > Cc: 'MCCALL,DON (HP-USA,ex1)'; '[EMAIL PROTECTED]' > Subject: RE: winbindd problem > > > On Thu, 11 Apr 2002, Orwig, Paul wrote: > > > Just so I understand... > > The fact that wbinfo -t replies with "secret is good" says that it is able > > to talk to the domain controller and should be able to request users/group > > listing. Right? > > Well, yes, but, as Tim pointed out in response to my erroneous statement, > the fact that wbinfo -t says that the secret is good means that the trust > account secrets stored in tdb are OK. > > winbindd uses anonymous connections to retrieve its information by > default, unless you have told it a valid account and password on the > DC[s]. > > In the presence of restrict-anonymous, this will not work, and if some of > your DCs have restrict-anonymous set and some not, you may get > intermittent failures. > > Regards > ----- > Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], > [EMAIL PROTECTED] > -- Regards ----- Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
