[Samba] smbclient with kerberos

Ralph Boehme slow at samba.org
Mon Nov 15 15:18:55 UTC 2021

On 11/15/21 15:29, cn--- via samba wrote:
> what I can confirm that on domain members the Administrator Account does 
> not work any more.
> You get an [NT_STATUS_INVALID_TOKEN] if you try and the account is 
> mapped to root. If it is not mapped to root you get 

this is likely an outcome of the new "min domain uid" option.

Unfortunately, the check for "min domain uid" is done *after* the 
mapping, so mapping any user to root with uid 0 results in an 

To workaround this you can set

min domain uid = 0

until someone can look into this more closely.


Ralph Boehme, Samba Team                 https://samba.org/
SerNet Samba Team Lead      https://sernet.de/en/team-samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20211115/4abf3dfa/OpenPGP_signature.sig>

More information about the samba mailing list