It would appear that communication with the PDC is fine - all other commands (-t, -m, -s SID, -n name, etc.) work OK, it's just the group/user enumeration calls that appear to fail. Has anybody got any ideas whatsoever - I think it has to be a problem on the NT PDC side as, according to the debug log at level 10: 000018 samr_io_r_query_dispinfo 0018 total_size : 00000000 001c data_size : 00000000 0020 switch_level: 0001 0024 num_entries : 00000000 0028 ptr_entries : 00000000 002c status: c0000022 No entries are returned from the NetQueryDisplayInformation RPC... Help!! Dean> -----Original Message----- > From: Dean Ward > Sent: 19 December 2001 15:21 > To: 'samba@lists.samba.org' > Subject: FW: Winbind on Solaris 2.6 > > I've forwarded this message form samba-ntdom as nobody answered there :( > > Dean > -- > > Hi All, > > I've successfully installed Winbind on a Solaris 2.6 box and started the > winbindd daemon to talk to our NT boxes. > > I executed wbinfo -t and 'secret is good' was returned and from the debug > output at level 3 the daemon appears to be talking to our PDC. However, > for some reason when executing wbinfo -u or wbinfo -g no information is > returned. No errors are stated in the debug log - it acknowledges that the > request was received, but it does not seem to do pull any data back from > the PDC. > > Any ideas? Could this be a problem with the Anonymous access registry > settings on the PDC or something along those lines? > > Thanks for your help, > > Dean Ward > Info Systems > The Wine Society
On Thu, 20 Dec 2001, Dean Ward wrote:> It would appear that communication with the PDC is fine - all other commands > (-t, -m, -s SID, -n name, etc.) work OK, it's just the group/user > enumeration calls that appear to fail. Has anybody got any ideas whatsoever > - I think it has to be a problem on the NT PDC side as, according to the > debug log at level 10: > > 000018 samr_io_r_query_dispinfo > 0018 total_size : 00000000 > 001c data_size : 00000000 > 0020 switch_level: 0001 > 0024 num_entries : 00000000 > 0028 ptr_entries : 00000000 > 002c status: c0000022^^^^^^^^ This is NT_STATUS_ACCESS_DENIED. Hope this helps.> No entries are returned from the NetQueryDisplayInformation RPC...chau, jerry --------------------------------------------------------------------- Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org -- http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--
Dear All, Problem found - our domain controllers have the RestrictAnonymous setting in their registries (HKLM\CurrentControlSet\Control\LSA, RestrictAnonymous DWORD) to prevent anonymous users getting access to account information. I'm not sure whether I should enable this on the production domain controllers as the ability to enumerate users anonymously is somewhat of a security risk - is there a need to enumerate users and groups simply to do authentication using Winbind (I've not got that far yet :) Kind Regards, Dean Ward Info Systems The Wine Society> -----Original Message----- > From: Gerald (Jerry) Carter [SMTP:jerry@samba.org] > Sent: 20 December 2001 17:48 > To: Dean Ward > Cc: 'samba@lists.samba.org' > Subject: RE: Winbind on Solaris 2.6 > > On Thu, 20 Dec 2001, Dean Ward wrote: > > > It would appear that communication with the PDC is fine - all other > commands > > (-t, -m, -s SID, -n name, etc.) work OK, it's just the group/user > > enumeration calls that appear to fail. Has anybody got any ideas > whatsoever > > - I think it has to be a problem on the NT PDC side as, according to the > > debug log at level 10: > > > > 000018 samr_io_r_query_dispinfo > > 0018 total_size : 00000000 > > 001c data_size : 00000000 > > 0020 switch_level: 0001 > > 0024 num_entries : 00000000 > > 0028 ptr_entries : 00000000 > > 002c status: c0000022 > ^^^^^^^^ > This is NT_STATUS_ACCESS_DENIED. Hope this helps. > > > No entries are returned from the NetQueryDisplayInformation RPC... > > > > > chau, jerry > --------------------------------------------------------------------- > Hewlett-Packard http://www.hp.com > SAMBA Team http://www.samba.org > -- http://www.plainjoe.org > "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 > --"I never saved anything for the swim back." Ethan Hawk in Gattaca--