[Samba] smbclient with kerberos
Ralph Boehme
slow at samba.org
Mon Nov 15 15:18:55 UTC 2021
On 11/15/21 15:29, cn--- via samba wrote:
> what I can confirm that on domain members the Administrator Account does
> not work any more.
> You get an [NT_STATUS_INVALID_TOKEN] if you try and the account is
> mapped to root. If it is not mapped to root you get
> [NT_STATUS_NO_SUCH_USER].
this is likely an outcome of the new "min domain uid" option.
Unfortunately, the check for "min domain uid" is done *after* the
mapping, so mapping any user to root with uid 0 results in an
NT_STATUS_INVALID_TOKEN error.
To workaround this you can set
min domain uid = 0
until someone can look into this more closely.
Cheers!
-slow
--
Ralph Boehme, Samba Team https://samba.org/
SerNet Samba Team Lead https://sernet.de/en/team-samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20211115/4abf3dfa/OpenPGP_signature.sig>
More information about the samba
mailing list