I have been on the
web for hours reading email postings about WINDBIND. Here is the scenario. Samba
2.27 on Redhat 8, installed via the redhat RPMs. the first interesting note was
that there is no samba-winbind rpm. It is a part of the samba-common.rpm in
redhat. I have been using Samba as a file server for quite some time. And 100%
of my issues with it stem from permission problems. So I heard about winbind.
And it is even more poorly documented than Samba. So I checked the resources on
samba.org, I had the libraries in the right place in /lib. I had previously
rejoined the domain using #smbpasswd -j DOMAIN -r PDC -U
NTDOMAINADMINACCOUNT
I got the
successfully joined the domain message . I checked the active directory on
the win2k domain controller and verified that the computer account had been
created...enter winbind:
I launch the
winbindd daemon. I perform wbinfo -t and get "the secret is good". I perform
wbinfo -u and get 0x0c00000022 or something like that. wbinfo -g yields the same
results. After running the winbindd daemon in various levels of debug all day
and searching the web for the results, I found the answer! performing the steps
outlined in Tim Potter's email on the win2k domain controller resolves this
issue. I am still unsure about which files to
edit in /etc/pam.d
The howto says to edit
/etc/pam.d/*
There are scores of files in there! Surely
not.
-----Original
Message-----
From: Tim Potter [mailto:[EMAIL PROTECTED]]
Sent: 27 October 2001 02:29
To: [EMAIL PROTECTED]
Cc: Roberto Sebastiano; Marc Anthony Pierre Barrette
Subject: using winbind with Windows 2000 native mode
I've just tracked down a problem running winbind against a
Windows 2000 server running in native mode. Microsoft has added
a security restriction which disallows anonymous access to user
lists and groups.
To fix this run the following from a command prompt and then
reboot (yes the reboot is required - sheesh):
net localgroup "Pre-Windows 2000 Compatible Access" everyone /add
I couldn't figure out how to do this from the Active Directory
Users and Groups MMC thingy. It didn't like the group Everyone
for some reason.
Tim.
From: Tim Potter [mailto:[EMAIL PROTECTED]]
Sent: 27 October 2001 02:29
To: [EMAIL PROTECTED]
Cc: Roberto Sebastiano; Marc Anthony Pierre Barrette
Subject: using winbind with Windows 2000 native mode
I've just tracked down a problem running winbind against a
Windows 2000 server running in native mode. Microsoft has added
a security restriction which disallows anonymous access to user
lists and groups.
To fix this run the following from a command prompt and then
reboot (yes the reboot is required - sheesh):
net localgroup "Pre-Windows 2000 Compatible Access" everyone /add
I couldn't figure out how to do this from the Active Directory
Users and Groups MMC thingy. It didn't like the group Everyone
for some reason.
Tim.
Peter S Scudamore CCNP, CCDP, MCP
ATM/Fr Network Design
TOUCHAMERICA
off 720.493.2660
mbl 303.358.8760
efax 720.294.2363
