Hi Christoph

On 31 Oct 2003, Andrew Bartlett wrote:

> On Fri, 2003-10-31 at 21:41, [EMAIL PROTECTED] wrote:
> > Hi Jochen et al,
> >
> > that worked fine, though if I get it right everyone can now read the
> > active directory structure (?)
>
> No, you still need to authenticate, but nothing stops an attacker from
> 'stealing' the TCP/IP connection, if they control the network.

If you want to see what *everybody* can see try an
"ldapsearch -x -b "dc=MYDOMAIN,dc=DE" -h adscontroller -p 389"
on a UNIX-Box.

> > Connecting to the samba machine results still in errors, but that may be
> > something stupid on my behalf too...
> >
> > thanks for helping
> > ~christoph
> >
> >
> > connect_to_domain_password_server: unable to setup the NETLOGON
> > credentials to machine ADC1. Error was : NT_STATUS_UNSUCCESSFUL.
>
> You will need to turn up the debug level - it will probably be something
> simple...

I've attached my own configuration I use on an ADS Domain Member. The
Winbind-Stuff comes from another LDAP-Server and has no relation to the
ADS-LDAP. If you don't use winbind you won't need the winbind section.

You should first do the "kinit [EMAIL PROTECTED]" and then a "net ads join".

Greetings
Jochen

-- 
--------------------------------------------------------------------
Jochen Schmidt                [EMAIL PROTECTED]
Mi||enux GmbH                 mobile: +49.175.5752483
Lilienthalstraße 2            phone:  +49.711.88770.300
70825 Stuttgart-Korntal       fax:    +49.711.88770.349
-= linux without limits -=- http://linux.zSeries.org/ =-
PGP Fingerprint: 6F9A 85CE 78EA 7EF1 B2BA 3559 8FA1 2B13 098D 20B5

############################################################################
# smb.conf
############################################################################
#
# Samba ADS member configuration
#
#
# (C) 2003 Thinking Objects Software GmbH
#     Lilienthalstrasse 2/1
#     70825 Stuttgart-Korntal
#     DE
#     Web    : http://www.to.com/
#     Email  : [EMAIL PROTECTED]
#     Phone  : +49.711.88770.400
#     Fax    : +49.711.88770.449
#     Hotline: +49.711.88770.444 [EMAIL PROTECTED]
#
# Author: Jochen Schmidt
# $Id: smb.conf,v 1.3 2003/10/16 15:54:38 root Exp $
#

# Global parameters
[global]
        # General
        workgroup = TOPALIS-GROUP
        realm = TOPALIS-GROUP.TO.COM
        netbios name = saaac000
        server string = Thinking Primary Domain Server
        comment = by Thinking Objects Hotline
        debuglevel = 3
        unix charset = "CP850"
        load printers = no
        disable spoolss = no

        # Paths/Interfaces
        lock directory = /var/cache/samba/saaac000
        pid directory = /var/cache/samba/saaac000
        private dir = /var/cache/samba/saaac000/private
        log file = /var/log/samba/%m.c000
        log level = 1
        bind interfaces only = yes
        interfaces = 3.8.8.107/255.255.255.0
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        wins support = No
        name resolve order = host lmhosts

        # Winbind
        idmap backend = ldap:ldap://3.8.8.103/
        idmap uid = 40000-50000
        idmap gid = 40000-50000
        ldap idmap suffix = ou=idmap,o=topalis-group
        ldap admin dn = cn=admin,o=topalis-group
        winbind use default domain = no

        # Security
        security = ADS
        use spnego = Yes
        client signing = Yes
        client use spnego = Yes
        encrypt passwords = Yes
        guest account = nobody

        # Domain stuff
        domain master = no
        domain logons = no
        preferred master = no

# EOF
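
Added example, not part of the original message or of Samba: a small Python check that reads the [global] section of an smb.conf like the one posted above, confirms the ADS member settings (security, realm, client signing) and reports parameters that are set twice. It relies on smb.conf(5) treating "debuglevel" as a synonym for "log level" with the later line taking effect; the function names and the choice of checks are assumptions made for this illustration.

```python
import re

# debuglevel is a synonym for log level in smb.conf(5); only that pair is mapped.
SYNONYMS = {"debuglevel": "loglevel"}
DISABLED = {"no", "false", "0", "off", "disabled"}

# Excerpt of the [global] section posted above (same values, fewer lines).
POSTED = """
[global]
    realm = TOPALIS-GROUP.TO.COM
    debuglevel = 3
    log level = 1
    security = ADS
    client signing = Yes
"""

def parse_global(text):
    """Return [(name, value)] from [global] in file order, names canonicalised."""
    section, params = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names ignore case and whitespace.
            name = re.sub(r"\s+", "", key).lower()
            params.append((SYNONYMS.get(name, name), value.strip()))
    return params

def audit_ads_member(text):
    """Return (effective settings, findings) for an ADS member smb.conf."""
    params = parse_global(text)
    effective, findings = {}, []
    for name, value in params:
        if name in effective and effective[name] != value:
            findings.append(f"{name}: {effective[name]} overridden by later {value}")
        effective[name] = value  # the last occurrence wins
    if effective.get("security", "").lower() != "ads":
        findings.append("security is not ADS")
    elif not effective.get("realm"):
        findings.append("security = ADS but no realm")
    if effective.get("clientsigning", "").lower() in DISABLED:
        findings.append("client signing disabled")
    return effective, findings

if __name__ == "__main__":
    for finding in audit_ads_member(POSTED)[1]:
        print(finding)
```

On the posted excerpt the only finding is that "debuglevel = 3" is overridden by the later "log level = 1". Samba's own testparm prints the configuration as the daemons parse it and is the authoritative check.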