[Samba] a word of warning

Sven Schwedas sven.schwedas at tao.at
Tue Jan 23 14:57:59 UTC 2018


KRBTGT isn't even Samba specific, the same applies to all Active
Directory setups:

> https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn745899(v=ws.11)

> https://adsecurity.org/?p=483

On 2018-01-23 15:51, lists via samba wrote:
> Hi,
> 
> I'd like to report something here, so it will not happen to others.
> 
> We moved all disabled users in our samba AD to a dedicated folder in
> ADUC, which we called 'disabled'.
> 
> A little while after we did that, our network started 'falling apart'.
> Some things still worked, others did not. I could for example no longer
> start ADUC, some users could not log on or map drives, etc, etc.
> 
> From samba's point of view everything was still running, replication was
> happening, etc, etc. No idea where to start looking.
> 
> Until my colleague told me about this moving of disabled accounts from
> CN=Users into OU=disabled.
> 
> Turned out he had also moved the disabled account "krbtgt", and this had
> caused our network to fall apart. Luckily his ADUC window was still open
> and functional, so we could move this account back into CN=Users, and
> everything started working again.
> 
> So, our advice: don't move that account! :-)
> 

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.schwedas at tao.at | ☎ +43 680 301 7167
TAO Digital   | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
A8020 Graz    | https://www.tao-digital.at
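
A guard for the clean-up described in the quoted message, added here as an example and not part of either post: it reads LDIF output from a search for user accounts and separates the disabled accounts that can be moved from the ones that must stay where they are. The sample entries, the example.com domain and the function names are constructed; using isCriticalSystemObject as the marker for protected accounts is an assumption of this example.

```python
# Constructed sample in the LDIF shape that ldbsearch/ldapsearch print.
SAMPLE_LDIF = """\
dn: CN=krbtgt,CN=Users,DC=example,DC=com
sAMAccountName: krbtgt
userAccountControl: 514
isCriticalSystemObject: TRUE

dn: CN=Guest,CN=Users,DC=example,DC=com
sAMAccountName: Guest
userAccountControl: 66082
isCriticalSystemObject: TRUE

dn: CN=Old Temp,CN=Users,DC=example,DC=com
sAMAccountName: oldtemp
userAccountControl: 514

dn: CN=Alice,CN=Users,DC=example,DC=com
sAMAccountName: alice
userAccountControl: 512
"""

ACCOUNTDISABLE = 0x0002  # userAccountControl flag for a disabled account

def parse_ldif(text):
    """Split simple LDIF (no folded or base64 lines) into attribute dicts."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ": " in line:
                key, value = line.split(": ", 1)
                entry[key.lower()] = value.strip()
        if "dn" in entry:
            yield entry

def plan_move(text):
    """Return (movable, protected) DN lists for the disabled accounts."""
    movable, protected = [], []
    for e in parse_ldif(text):
        if not int(e.get("useraccountcontrol", "0")) & ACCOUNTDISABLE:
            continue  # enabled account, not part of the clean-up
        name = e.get("samaccountname", "").lower()
        critical = e.get("iscriticalsystemobject", "").upper() == "TRUE"
        # krbtgt_<n> also covers the per-RODC krbtgt accounts
        if critical or name == "krbtgt" or name.startswith("krbtgt_"):
            protected.append(e["dn"])
        else:
            movable.append(e["dn"])
    return movable, protected
```

Only the DNs in the first list are candidates for the move into OU=disabled; the second list is worth reviewing by hand before anything is touched.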
