It would appear that communication with the PDC is fine - all other commands
(-t, -m, -s SID, -n name, etc.) work OK, it's just the group/user
enumeration calls that appear to fail. Has anybody got any ideas whatsoever
- I think it has to be a problem on the NT PDC side as, according to the
debug log at level 10:
000018 samr_io_r_query_dispinfo
0018 total_size : 00000000
001c data_size : 00000000
0020 switch_level: 0001
0024 num_entries : 00000000
0028 ptr_entries : 00000000
002c status: c0000022
No entries are returned from the NetQueryDisplayInformation RPC...
Help!!
Dean
> -----Original Message-----
> From: Dean Ward
> Sent: 19 December 2001 15:21
> To: 'samba@lists.samba.org'
> Subject: FW: Winbind on Solaris 2.6
>
> I've forwarded this message form samba-ntdom as nobody answered there
:(
>
> Dean
> --
>
> Hi All,
>
> I've successfully installed Winbind on a Solaris 2.6 box and started
the
> winbindd daemon to talk to our NT boxes.
>
> I executed wbinfo -t and 'secret is good' was returned and from the
debug
> output at level 3 the daemon appears to be talking to our PDC. However,
> for some reason when executing wbinfo -u or wbinfo -g no information is
> returned. No errors are stated in the debug log - it acknowledges that the
> request was received, but it does not seem to do pull any data back from
> the PDC.
>
> Any ideas? Could this be a problem with the Anonymous access registry
> settings on the PDC or something along those lines?
>
> Thanks for your help,
>
> Dean Ward
> Info Systems
> The Wine Society
On Thu, 20 Dec 2001, Dean Ward wrote:> It would appear that communication with the PDC is fine - all other commands > (-t, -m, -s SID, -n name, etc.) work OK, it's just the group/user > enumeration calls that appear to fail. Has anybody got any ideas whatsoever > - I think it has to be a problem on the NT PDC side as, according to the > debug log at level 10: > > 000018 samr_io_r_query_dispinfo > 0018 total_size : 00000000 > 001c data_size : 00000000 > 0020 switch_level: 0001 > 0024 num_entries : 00000000 > 0028 ptr_entries : 00000000 > 002c status: c0000022^^^^^^^^ This is NT_STATUS_ACCESS_DENIED. Hope this helps.> No entries are returned from the NetQueryDisplayInformation RPC...chau, jerry --------------------------------------------------------------------- Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org -- http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--
Dear All, Problem found - our domain controllers have the RestrictAnonymous setting in their registries (HKLM\CurrentControlSet\Control\LSA, RestrictAnonymous DWORD) to prevent anonymous users getting access to account information. I'm not sure whether I should enable this on the production domain controllers as the ability to enumerate users anonymously is somewhat of a security risk - is there a need to enumerate users and groups simply to do authentication using Winbind (I've not got that far yet :) Kind Regards, Dean Ward Info Systems The Wine Society> -----Original Message----- > From: Gerald (Jerry) Carter [SMTP:jerry@samba.org] > Sent: 20 December 2001 17:48 > To: Dean Ward > Cc: 'samba@lists.samba.org' > Subject: RE: Winbind on Solaris 2.6 > > On Thu, 20 Dec 2001, Dean Ward wrote: > > > It would appear that communication with the PDC is fine - all other > commands > > (-t, -m, -s SID, -n name, etc.) work OK, it's just the group/user > > enumeration calls that appear to fail. Has anybody got any ideas > whatsoever > > - I think it has to be a problem on the NT PDC side as, according to the > > debug log at level 10: > > > > 000018 samr_io_r_query_dispinfo > > 0018 total_size : 00000000 > > 001c data_size : 00000000 > > 0020 switch_level: 0001 > > 0024 num_entries : 00000000 > > 0028 ptr_entries : 00000000 > > 002c status: c0000022 > ^^^^^^^^ > This is NT_STATUS_ACCESS_DENIED. Hope this helps. > > > No entries are returned from the NetQueryDisplayInformation RPC... > > > > > chau, jerry > --------------------------------------------------------------------- > Hewlett-Packard http://www.hp.com > SAMBA Team http://www.samba.org > -- http://www.plainjoe.org > "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 > --"I never saved anything for the swim back." Ethan Hawk in Gattaca--