[Samba] DOMAIN\Administrator mapped to root vs. CVE-2020-25717 fix including "min domain uid" = 1000

Björn JACKE bjacke at SerNet.DE
Sat Jun 4 16:31:30 UTC 2022

On 2022-05-27 at 23:12 +0200 Reginald via samba sent off:
> If I add
> min domain uid = 0
> to the smb.conf of the fileserver, everything works fine again. :)
> So I could manage the permissions and finish work. :)
> But... This change was probably introduced for good reasons. And I worked around it. What do you think?
> Did I open up a horrible security hole?
> What are the implications?
> Should "DOMAIN\Administrator" actually never be mapped to root?

this reminds me of that old bug report

I still have hope that Andrew will remove his veto on the change so that we can
finally get this properly by default for future setups.


More information about the samba mailing list