RE: [Samba] restrict anonymous Solved Thanks!
Andrew and Jerry That was my problem. I knew of restrict anonymous 1 but not of 2. Jerry and Andrew thanks for all your help you got me to my goal! Bobby Guerra P.S. What's your favorite drink? -Original Message- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Saturday, March 15, 2003 7:29 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Samba] restrict anonymous used wbinfo -A what next? On Sat, 2003-03-15 at 00:37, Bobby Guerra wrote: I am trying to get samba to work with winbind and still have the DC (w2k) use restrict anonymous. If I run wbinfo -A it will allow me to enumerate all the user accounts and groups but I still get prompted for a password when I try to access samba shares. I can turn off restrict anonymous and I can access the samba box all day with no problem but as soon as I turn on restrict anonymous it breaks. Do I need to do anything other then wbinfo -A in order to get around restrict anonymous? It sounds like you might have a very high level of 'restrict anonymous' set on the DC, (that is 'restrictanonymous=2'). This breaks all pre-win2k systems, and Samba's NTLM logins. If you upgrade to Samba 3.0 alpha, we can use the winbindd connections to get to the NETLOGON pipe, and authenticate NTLM logins (I hope), but the real advantage is we get kerberos, which works much better anyway :-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] restrict anonymous used wbinfo -A what next?
I am trying to get samba to work with winbind and still have the DC (w2k) use restrict anonymous. If I run wbinfo -A it will allow me to enumerate all the user accounts and groups but I still get prompted for a password when I try to access samba shares. I can turn off restrict anonymous and I can access the samba box all day with no problem but as soon as I turn on restrict anonymous it breaks. Do I need to do anything other then wbinfo -A in order to get around restrict anonymous? Bobby Guerra -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] DC set with restrict anonymous HELP!
I am trying to get samba to work with winbind and still have the DC (w2k) use restrict anonymous. If I run wbinfo -A it will allow me to enumerate all the user accounts and groups but I still get prompted for a password when I try to access samba shares. I can turn off restrict anonymous and I can access the samba box all day with no problem but as soon as I turn on restrict anonymous it breaks. Do I need to do anything other then wbinfo -A in order to get around restrict anonymous? Bobby Guerra -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] W2K sp3 broke winbind
Hi all, I recently applied service pack 3 on all my domain controllers and disabled anonymous enumeration. This broke winbind. After reading some of the listings and looking at the log info from winbind I believed that winbind gets its user list by doing an anonymous request so I changed it back but I still doesn't work. I get a failure with every wbinfo command. Here is an excerpt from the log.winbind [2003/03/07 11:59:09, 1] libsmb/cliconnect.c:cli_full_connection(1019) failed tcon_X [2003/03/07 11:59:09, 3] nsswitch/winbindd_cm.c:get_connection_from_cache(405) Could not open a connection to DTRNT for \PIPE\lsarpc (NT_STATUS_ACCESS_DENIED ) I am running Red Hat 8.0 with samba 2.2.8pre2-1. I am happy to provide more information I didn't want to bogg the e-mail down with info that could be useless. I have been working on this for a week now and I am about to fall on mouse and commit Hari Kari. Please if anyone has any help let me know. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] W2K sp3 broke winbind
I saw that command but when I ran it (wbinfo -A domain+useraccount%password) it fails with error below. could not obtain winbind separator! I have winbind separator in my conf file. winbind separator = + I also tried different variations of wbinfo. wbinfo -A useraccount%password wbinfo -A domain\\useraccount%password -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Friday, March 07, 2003 1:07 PM To: Bobby Guerra Cc: [EMAIL PROTECTED] Subject: Re: [Samba] W2K sp3 broke winbind -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 7 Mar 2003, Bobby Guerra wrote: Hi all, I recently applied service pack 3 on all my domain controllers and disabled anonymous enumeration. This broke winbind. After reading some of the listings and looking at the log info from winbind I believed that winbind gets its user list by doing an anonymous request so I changed it back but I still doesn't work. I get a failure with every wbinfo command. Here is an excerpt from the log.winbind ou can set a user/pass pair for winbindd using wbinfo -A cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+aN/UIR7qMdg1EfYRAvIEAKDcgP7Fjl/TvbAwf8tMPvm1YyDjDACfWLLX zstZDi5yk/2UiAkGae229tQ= =tWWd -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
