I am trying to get samba to work with winbind and still have the DC (w2k) use restrict anonymous. If I run wbinfo -A it will allow me to enumerate all the user accounts and groups but I still get prompted for a password when I try to access samba shares. I can turn off restrict anonymous and I can access the samba box all day with no problem but as soon as I turn on restrict anonymous it breaks. Do I need to do anything other then wbinfo -A in order to get around restrict anonymous? Bobby Guerra -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Andrew Bartlett
2003-Mar-15 12:28 UTC
[Samba] restrict anonymous used wbinfo -A what next?
On Sat, 2003-03-15 at 00:37, Bobby Guerra wrote:> > > I am trying to get samba to work with winbind and still have the DC (w2k) > use restrict anonymous. > > If I run wbinfo -A it will allow me to enumerate all the user accounts and > groups but I still get prompted for a password when I try to access samba > shares. I can turn off restrict anonymous and I can access the samba box > all day with no problem but as soon as I turn on restrict anonymous it > breaks. > > Do I need to do anything other then wbinfo -A in order to get around > restrict anonymous?It sounds like you might have a very high level of 'restrict anonymous' set on the DC, (that is 'restrictanonymous=2'). This breaks all pre-win2k systems, and Samba's NTLM logins. If you upgrade to Samba 3.0 alpha, we can use the winbindd connections to get to the NETLOGON pipe, and authenticate NTLM logins (I hope), but the real advantage is we get kerberos, which works much better anyway :-) Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20030315/73a02916/attachment.bin