[Samba] NT_STATUS_INVALID_TOKEN after update to 4.13.14
Rowland Penny
rpenny at samba.org
Sun Nov 21 17:15:24 UTC 2021
On Sun, 2021-11-21 at 11:58 -0500, Ken Bass via samba wrote:
> On 11/12/21 12:37 PM, Rowland Penny via samba wrote:
> > So when I do it correctly:
> > rowland at devstation:~$ smbclient -W SAMDOM -U Administrator
> > //mintmate/data1
> > Enter SAMDOM\Administrator's password:
> > session setup failed: NT_STATUS_INVALID_TOKEN
> >
> > It still doesn't work, but if I use a normal user:
> >
> > rowland at devstation:~$ smbclient -W SAMDOM -U rowland
> > //mintmate/data1
> > Enter SAMDOM\rowland's password:
> > Try "help" to get a list of possible commands.
> > smb: \>
> >
> > It works!
> >
> > So, I think that the CVE I pointed to, is doing its job, you need
> > to
> > stop logging into Samba as Administrator. Not sure where this
> > leaves us
> > with '!root = SAMDOM\Administrator' in a usermap, I am going to
> > have to
> > do some testing.
> >
> > Rowland
> >
> >
> >
>
> So where does that leave us?
>
> I mean, I am simply trying to do commands such as
> net rpc rights list privileges SeDiskOperatorPrivilege -U
> "SAMDOM\Administrator"
> or
> net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege
> -U'SAMDOM\administrator'
>
> None of these work anymore
>
> NT_STATUS_INVALID_TOKEN
Try adding :
min domain uid = 0
To smb.conf and restarting Samba.
Rowland
More information about the samba
mailing list