[CLUE-Talk] Samba with winbind...

Scudamore, Pete scud at tamerica.com
Tue Nov 26 01:15:42 MST 2002 

I have been on the web for hours reading email postings about WINDBIND.
Here is the scenario. Samba 2.27 on Redhat 8, installed via the redhat
RPMs. the first interesting note was that there is no samba-winbind rpm.
It is a part of the samba-common.rpm in redhat. I have been using Samba
as a file server for quite some time, And 100% of my issues with it stem
from permission problems. So I heard about winbind. And it is even more
poorly documented than Samba. So I checked the resources on samba.org, I
had the libraries in the right place in /lib. I had previously rejoined
the domain using #smbpasswd -j DOMAIN -r PDC -U NTDOMAINADMINACCOUNT
 
I got the successfully joined the domain message . I checked the active
directory on the win2k domain controller and verified that the computer
account had been created...enter winbind:
 
I launch the winbindd daemon. I perform wbinfo -t and get "the secret is
good". I perform wbinfo -u and get 0x0c00000022 or something like that.
wbinfo -g yields the same results. After running the winbindd daemon in
various levels of debug all day and searching the web for the results, I
found the answer! performing the steps outlined in Tim Potter's email on
the win2k domain controller resolves this issue.
 
 
-----Original Message-----
From: Tim Potter [mailto:tpot at samba.org]
Sent: 27 October 2001 02:29
To: samba-technical at lists.samba.org
Cc: Roberto Sebastiano; Marc Anthony Pierre Barrette
Subject: using winbind with Windows 2000 native mode


I've just tracked down a problem running winbind against a
Windows 2000 server running in native mode.  Microsoft has added
a security restriction which disallows anonymous access to user
lists and groups.

To fix this run the following from a command prompt and then
reboot (yes the reboot is required - sheesh):

net localgroup "Pre-Windows 2000 Compatible Access" everyone /add

I couldn't figure out how to do this from the Active Directory
Users and Groups MMC thingy.  It didn't like the group Everyone
for some reason.


Tim.

 
Peter S Scudamore CCNP, CCDP, MCP
ATM/Fr Network Design
TOUCHAMERICA
off 720.493.2660
mbl 303.358.8760
efax 720.294.2363
scud at tamerica.com

More information about the clue-talk mailing list