diff options
author | Gerald Carter <jerry@samba.org> | 2005-09-29 22:34:39 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2005-09-29 22:34:39 +0000 |
commit | e6796a82f9a3709b0f7b0472538fba719a0f4200 (patch) | |
tree | 82ccdb97cee78c66e33c36c2717f98369a6b1883 | |
parent | 39f096f95e4a0304c74249472e6678563375fab7 (diff) | |
download | samba-e6796a82f9a3709b0f7b0472538fba719a0f4200.tar.gz samba-e6796a82f9a3709b0f7b0472538fba719a0f4200.tar.xz samba-e6796a82f9a3709b0f7b0472538fba719a0f4200.zip |
r10632: clarification of 'security=domain' notesamba-3.0.20a
-rw-r--r-- | WHATSNEW.txt | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 204cf1f049c..57d2f2c2a5e 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -21,19 +21,20 @@ Common bugs fixed in 3.0.20a include: Winbind, security = domain, and Active Directory ================================================ -Recent security updates for Windows 2000 and Windows 2003 -have changed the fashion in which user and group list can -be obtained from domain controllers. In short, the rpc -mechanisms used by "security = domain" to retrieve users -and groups is not compatible with these changes. The -"security = ads" configuration is not affected by the -Windows protocol changes. - -Samba developers are actively working to correct this -problem in the version 3.0.21. Administrators who are -unable to migrate to "security = ads", can define credentials -to be used by winbindd when enumerating users by executing -"wbinfo --set-auth-user='DOMAIN\username%password'" +Recent security updates for Windows 2000 and Windows 2003 have +changed the fashion in which user and group lists can be obtained +from domain controllers. In short, the RPC mechanisms used by +"security = domain" to retrieve users and groups is not compatible +with these changes. The "security = ads" configuration is not +affected by the Windows protocol changes. + +Samba developers are actively working to correct this problem in +the 3.0.21 release. In the meantime, Administrators who are unable +to migrate to "security = ads" and must continue using "security = +domain", can define credentials to be used by winbindd for account +enumeration by executing the following command as root. + + wbinfo --set-auth-user='DOMAIN\username%password' |