[Samba] Windows 10 localsystem account

L.P.H. van Belle belle at bazuin.nl
Thu Apr 8 07:48:42 UTC 2021 

Hai, 

The longer you wait with updateing samba to supported version, 
the hard it will get to keep everything running.. 

>From your original post.. 
When using Windows 7 client (without domain controller)
 - A standard Windows user is able to access samba share.
 - A "NT Authority\System" user is able to access samba share.

When using Windows 10 (Built 18362) client (without domain controller)
 - A standard Windows user is able to access samba share.
 - A "NT Authority\System" user is NOT able to access samba share. The error message is "The specified server cannot perform the requested operation."

Now, the difference is the way windows 10 is handleing this.
And this is a windows security change. 

There is only 1 real fix. Upgrade samba. 
The other fix is, lower your security. 

It has all todo with Impersonation is done within windows. 
Impersonation is the ability of a thread to execute using different security
information than the process that owns the thread.

So, you have a task.. 2 even.. and i would start with upgrading samba first,
and then windows 10, because your current version of windows 10 is also EOL. 
als, build 18363 end May 11, 2021 (unless you have enterprise/Edu versions) 

ow and i see in your smb.com and original post you dont need security in this.  Review your setup with this link.
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server 
An open server setup, should not be any problem. I use that at home also.


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Lars Sunde via
> samba
> Verzonden: woensdag 7 april 2021 22:59
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Windows 10 localsystem account
> 
> >On 28/03/2021 14:42, Lars Sunde wrote:
> >> Thank you for the very quick response.
> >>
> >> Why does this work using Windows 7 that also uses 'NT
> >> Authority\System' account?
> >>
> >> Upgrading any software must be approved and therefore takes a bit of
> >> time which is not ideal.
> 
> 
> >But using a version of Samba that went EOL 4 years ago is OK ???
> 
> >>   * What is issue number of that particular fix?
> >>   * What version of Samba contains that fix?
> >>
> 
> >Not entirely sure (for either) I just know that at one time Samba didn't
> >know who 'SYSTEM' was, but it does now. The present Samba supported
> >versions (4.13.x, 4.13.x and 4.14.x) all know 'SYSTEM', so I would
> >suggest you upgrade to one of these versions, though this may mean you
> >need to upgrade your red-hat OS as well.
> 
> Does anyone else know the ticket number for this improvement? It would
> help a lot to know the minimum version of Samba that is required.
> 
> >>  *
> >>
> >> Is there any workaround for this issue that does not invovled updating
> >> Samba?
> >>
> 
> >Not that I am aware, others may.
> 
> 
> > Rowland
> 
> Lars
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list