[Samba] smbclient with kerberos
Stefan Kania
stefan at kania-online.de
Sat Nov 13 16:00:45 UTC 2021
Am 13.11.21 um 16:44 schrieb Rowland Penny via samba:
> Of course, now I peer very closely at the above, I notice something,
> why is 'EXAMPLE\root' being asked for a password ? root should not be
> in your domain, it should be mapped to the domain Administrator. I get
> this:
>
> smbclient -L rpidc1
> Password for [Administrator at SAMDOM.EXAMPLE.COM]:
> Anonymous login successful
I version 4.14 I could do a "smbclient -L addc01" with any user even
local users from passwd and I get:
----------
root at addc01:~# smbclient -L addc01
Password for [EXAMPLE\root]:
Anonymous login successful
Sharename Type Comment
--------- ---- -------
sysvol Disk
netlogon Disk
IPC$ IPC IPC Service
SMB1 disabled -- no workgroup available
----------
With version 4.15 the default is "client use kerberos = desired" is the
default, so smbclient for local users still works.
With activating "client use kerberos = required" it's not possible
anymore. That's great, no local user should be able to use smbclient. I
BUT i also expect the same behavior with an AD-user WITHOUT ticket.
That's what I don't understand
More information about the samba
mailing list