We are running a windows 2000 domain where I work. I am developing a linux client for desktop deployment so that we can stop the spread of cancer (read microsoft). I can get winbind to join the domain, but when i try a winfo -t, it tells me "could not check secret". I have scoured the internet looking for help and could not find anything. I used the HOW TO from John Trostel, with no luck. Here is my smb.conf file: [global] workgroup = DOMAIN.COM netbios name = LINDEMO security = domain password server = 001 002 encrypt passwords = yes domain master = no prefered master = no local master = no winbind uid = 20000-30000 winbind gid = 20000-30000 winbind enum users = yes winbind enum groups = yes template shell = /bin/bash [homer] path = /tmp valid users = me public = no writable = yes Any help would be greatly appreciated. ====Mark Honomichl Systems Achitect www.covisint.com Unix is a user friendly Operating System.... It's just picky about who it's friends are. __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/
I am trying to used Winbind to retrieve user accounts from a Windows 2000 native domain to no avail. It would appear as though Winbind uses an anonymous connection for communication and my Windows 2000 domain is denying anonymous access. Does anyone know how to winbind to use a user account or how to set a Win2K Domain to allow anonymous connection after it has been switched to 'Native Mode' I have already checked the registry on my Domain controller at //HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/control/Lsa/restrictanonym ous. This is in reference to a previous unanswered question where I posted my smb.conf and winbindd debug output: http://marc.theaimsgroup.com/?l=samba <http://marc.theaimsgroup.com/?l=samba&m=102546714116241&w=2> &m=102546714116241&w=2 Any help is appreciated. thx. /Brad -------------- next part -------------- HTML attachment scrubbed and removed
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brad Richins schrieb: | I am trying to used Winbind to retrieve user accounts from a Windows | 2000 native domain to no avail. It would appear as though Winbind uses | an anonymous connection for communication and my Windows 2000 domain is | denying anonymous access. Does anyone know how to winbind to use a user | account or how to set a Win2K Domain to allow anonymous connection after | it has been switched to ?Native Mode? I have already checked the | registry on my Domain controller at | //HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/control/Lsa/restrictanonymous. | | | | This is in reference to a previous unanswered question where I posted my | smb.conf and winbindd debug output: | http://marc.theaimsgroup.com/?l=samba&m=102546714116241&w=2 | <http://marc.theaimsgroup.com/?l=samba&m=102546714116241&w=2> | | | | Any help is appreciated. hi brad, i have the exactly same problem. i am not 100% sure, but can it be that for this active directory support must be given? so samba 3.0 is needed? greetings thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAj0isoEACgkQzrK/xv+DehoO8gCghF+6KTbK5SesHdrHhoHlv3OM UKsAoNTnu38NVADLSfDkQxGYG1cHAjT4 =+Jr6 -----END PGP SIGNATURE-----
Am Mittwoch, 3. Juli 2002 10:14 schrieb Thomas Stegbauer:> Brad Richins schrieb: > | I am trying to used Winbind to retrieve user accounts from a Windows > | 2000 native domain to no avail. It would appear as though Winbind uses > | an anonymous connection for communication and my Windows 2000 domain is > | denying anonymous access. Does anyone know how to winbind to use a user > | account or how to set a Win2K Domain to allow anonymous connection after > | it has been switched to ?Native Mode? I have already checked the > | registry on my Domain controller at > > //HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/control/Lsa/restrictanonymous >. > > | This is in reference to a previous unanswered question where I posted my > | smb.conf and winbindd debug output: > | http://marc.theaimsgroup.com/?l=samba&m=102546714116241&w=2 > | <http://marc.theaimsgroup.com/?l=samba&m=102546714116241&w=2> > | > | > | > | Any help is appreciated. > > hi brad, > > i have the exactly same problem. i am not 100% sure, but can it be that > for this active directory support must be given? so samba 3.0 is needed? > > greetings > thomasYou can set a user for winbind to authenticate with: wbinfo -A user%password ...Juergen
-----Original Message----- From: Juergen Hasch [mailto:Hasch@t-online.de] Sent: Wednesday, July 03, 2002 13:53 To: Thomas Stegbauer; Brad Richins Cc: samba@lists.samba.org Subject: Re: [Samba] Winbind and Windows 2000 Am Mittwoch, 3. Juli 2002 10:14 schrieb Thomas Stegbauer:> Brad Richins schrieb: > | I am trying to used Winbind to retrieve user accounts from a Windows > | 2000 native domain to no avail. It would appear as though Winbind uses > | an anonymous connection for communication and my Windows 2000 domain is > | denying anonymous access. Does anyone know how to winbind to use a user > | account or how to set a Win2K Domain to allow anonymous connection after > | it has been switched to ?Native Mode? I have already checked the > | registry on my Domain controller at > > //HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/control/Lsa/restrictanonymous >. > > | This is in reference to a previous unanswered question where I posted my > | smb.conf and winbindd debug output: > | http://marc.theaimsgroup.com/?l=samba&m=102546714116241&w=2 > | <http://marc.theaimsgroup.com/?l=samba&m=102546714116241&w=2> > | > | > | > | Any help is appreciated. > > hi brad, > > i have the exactly same problem. i am not 100% sure, but can it be that > for this active directory support must be given? so samba 3.0 is needed? > > greetings > thomasYou can set a user for winbind to authenticate with: wbinfo -A user%password ...Juergen Thanks that worked. As for the question about needing samba 3.0, while I now have it working on both samba 2.2.5 and 3.0, the 3.0 version had a few more tools and options that made dealing with active directory easier. On the other hand, it's still in alpha and I'm not too comfortable using alpha builds in a production environment. /Brad Richins
> Message: 6 > From: Hasch@t-online.de (Juergen Hasch) > Reply-To: hasch@t-online.de > To: Thomas Stegbauer <tsmailing@tronicplanet.de>, > Brad Richins <BRichins@lopezgarciagroup.com> > Subject: Re: [Samba] Winbind and Windows 2000 > Date: Wed, 3 Jul 2002 20:53:16 +0200 > Cc: samba@lists.samba.org > > Am Mittwoch, 3. Juli 2002 10:14 schrieb Thomas Stegbauer: > >> Brad Richins schrieb: >> | I am trying to used Winbind to retrieve user accounts from a Windows >> | 2000 native domain to no avail. It would appear as though Winbind uses >> | an anonymous connection for communication and my Windows 2000 domain is >> | denying anonymous access. Does anyone know how to winbind to use a user >> | account or how to set a Win2K Domain to allow anonymous connection after >> | it has been switched to ?Native Mode? I have already checked the >> | registry on my Domain controller at >> >> //HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/control/Lsa/restrictanonymous >>. >> >> | This is in reference to a previous unanswered question where I posted my >> | smb.conf and winbindd debug output: >> | http://marc.theaimsgroup.com/?l=samba&m=102546714116241&w=2 >> | <http://marc.theaimsgroup.com/?l=samba&m=102546714116241&w=2> >> | >> | >> | >> | Any help is appreciated. >> >> hi brad, >> >> i have the exactly same problem. i am not 100% sure, but can it be that >> for this active directory support must be given? so samba 3.0 is needed? >> >> greetings >> thomas > > > You can set a user for winbind to authenticate with: > wbinfo -A user%passwordBut shouldn't winbind set this up to use the machine account? Or how is this supposed to work? Does it need a user account? We are looking at streamlining the process of joining winbind machines, and potential clients are very averse to enabling pre-Windows-2000 compatible access. Or should we just have a wrapper around smbpasswd -j which grabs the username and password of a domain admin account, and uses that for wbinfo -A. Only problem is that this wouldn't work for pre-made machine accounts .... Buchan -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7