[Samba] DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
Marco Gaiarin
gaio at sv.lnf.it
Mon Sep 24 14:42:33 UTC 2018
Mandi! Rowland Penny via samba
In chel di` si favelave...
> There is no 'local Administrator', the domain user Administrator is
> mapped to the local user 'root'. So if the domain user 'Administrator'
> has the password 'thispass' and maps to 'root', who has the password
> 'diffpass', then the user will be rejected because the user is known
> (root) and the password is wrong (thispass).
OK, interesting. With this hint, gone back to the logs i've got:
[2018/09/24 11:31:02.652917, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [unci-unci]\[Administrator] at [lun, 24 set 2018 11:31:02.652908 CEST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [UNCI-UNCI] remote host [ipv4:10.5.2.145:63155] mapped to [unci-unci]\[root]. local host [ipv4:10.5.1.26:445]
so seems that effectively locan Administrator user (eg,
UNCI-UNCI\Administrator) get mapped to 'root', where indeed password
does not match (and UNCI-UNCI\root does not exist ;).
What really does not understand is:
a) why evidently in samba 4.5 this mapping get NOT done.
b) i've tried to modify 'user.map' from:
!root = LNFFVG\Administrator LNFFVG\administrator Administrator administrator
to
!root = LNFFVG\Administrator LNFFVG\administrator
hoping in strict matching, but seems that match still get done (but
i've only reload smbd, not restarted it).
And, sorry rowland, there IS A 'local Administrator' for every windows
PC, and is a different user from DOMAIN\Administrator...
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list