[Samba] NT_STATUS_INVALID_TOKEN after update to 4.13.14

Ken Bass kbass at kenbass.com
Sun Nov 21 16:58:26 UTC 2021

On 11/12/21 12:37 PM, Rowland Penny via samba wrote:
> So when I do it correctly:
> rowland at devstation:~$ smbclient -W SAMDOM -U Administrator
> //mintmate/data1
> Enter SAMDOM\Administrator's password:
> session setup failed: NT_STATUS_INVALID_TOKEN
> It still doesn't work, but if I use a normal user:
> rowland at devstation:~$ smbclient -W SAMDOM -U rowland //mintmate/data1
> Enter SAMDOM\rowland's password:
> Try "help" to get a list of possible commands.
> smb: \>
> It works!
> So, I think that the CVE I pointed to, is doing its job, you need to
> stop logging into Samba as Administrator. Not sure where this leaves us
> with '!root = SAMDOM\Administrator' in a usermap, I am going to have to
> do some testing.
> Rowland

So where does that leave us?

I mean, I am simply trying to do commands such as
net rpc rights list privileges SeDiskOperatorPrivilege -U 
net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege 

None of these work anymore


More information about the samba mailing list