[Samba] smbclient with kerberos

Rowland Penny rpenny at samba.org
Mon Nov 15 21:15:57 UTC 2021

On Mon, 2021-11-15 at 21:59 +0100, Ralph Boehme via samba wrote:
> On 11/15/21 21:56, spindles seven via samba wrote:
> > I tried again using a 'domain admins' user and I still get the "DNS
> > update failed: NT_STATUS_INVALID_PARAMETER" error whilst joining
> > the
> > Debian computer.   So something else is going on here.
> please check my response in this thread from earlier today...
> -slow

I can confirm Ralph's fix works, another affect of the CVE was that
Administrator on a Win10 computer could not add a network location from
a Samba Unix domain member running Samba with the security updates.
Adding 'min domain uid = 0' to the smb.conf on the Unix domain member
fixed the problem.

I think the ultimate fix probably needs to be the automatic mapping of 
domain SID-500 to Unix ID 0 on all domain computers, this is based on
DOMAIN\Administrator being in charge (for want of a better word) of
everything in a domain.


More information about the samba mailing list