[Samba] smbclient with kerberos

Stefan Kania stefan at kania-online.de
Sat Nov 13 16:00:45 UTC 2021

Am 13.11.21 um 16:44 schrieb Rowland Penny via samba:
> Of course, now I peer very closely at the above, I notice something,
> why is 'EXAMPLE\root' being asked for a password ? root should not be
> in your domain, it should be mapped to the domain Administrator. I get
> this:
> smbclient -L rpidc1
> Password for [Administrator at SAMDOM.EXAMPLE.COM]:
> Anonymous login successful

I version 4.14 I could do a "smbclient -L addc01" with any user even
local users from passwd and I get:

root at addc01:~# smbclient -L addc01
Password for [EXAMPLE\root]:
Anonymous login successful

        Sharename       Type      Comment
        ---------       ----      -------
        sysvol          Disk
        netlogon        Disk
        IPC$            IPC       IPC Service
SMB1 disabled -- no workgroup available
With version 4.15 the default is "client use kerberos = desired" is the
default, so smbclient for local users still works.

With activating "client use kerberos = required" it's not possible
anymore. That's great, no local user should be able to use smbclient. I
BUT i also expect the same behavior with an AD-user WITHOUT ticket.
That's what I don't understand

More information about the samba mailing list