[Samba] NT_STATUS_INVALID_TOKEN after update to 4.13.14
Ken Bass
kbass at kenbass.com
Sun Nov 21 16:58:26 UTC 2021
On 11/12/21 12:37 PM, Rowland Penny via samba wrote:
> So when I do it correctly:
> rowland at devstation:~$ smbclient -W SAMDOM -U Administrator
> //mintmate/data1
> Enter SAMDOM\Administrator's password:
> session setup failed: NT_STATUS_INVALID_TOKEN
>
> It still doesn't work, but if I use a normal user:
>
> rowland at devstation:~$ smbclient -W SAMDOM -U rowland //mintmate/data1
> Enter SAMDOM\rowland's password:
> Try "help" to get a list of possible commands.
> smb: \>
>
> It works!
>
> So, I think that the CVE I pointed to, is doing its job, you need to
> stop logging into Samba as Administrator. Not sure where this leaves us
> with '!root = SAMDOM\Administrator' in a usermap, I am going to have to
> do some testing.
>
> Rowland
>
>
>
So where does that leave us?
I mean, I am simply trying to do commands such as
net rpc rights list privileges SeDiskOperatorPrivilege -U
"SAMDOM\Administrator"
or
net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege
-U'SAMDOM\administrator'
None of these work anymore
NT_STATUS_INVALID_TOKEN
More information about the samba
mailing list