[Samba] DOMAIN\Administrator mapped to root vs. CVE-2020-25717 fix including "min domain uid" = 1000

Björn JACKE bjacke at SerNet.DE
Sat Jun 4 16:31:30 UTC 2022


On 2022-05-27 at 23:12 +0200 Reginald via samba sent off:
> If I add
> min domain uid = 0
> to the smb.conf of the fileserver, everything works fine again. :)
> 
> So I could manage the permissions and finish work. :)
> 
> But... This change was probably introduced for good reasons. And I worked around it. What do you think?
> Did I open up a horrible security hole?
> What are the implications?
> Should "DOMAIN\Administrator" actually never be mapped to root?

This reminds me of that old bug report:
https://bugzilla.samba.org/show_bug.cgi?id=9837

I still have hope that Andrew will remove his veto on the change so that we can
finally get this properly by default for future setups.

Björn
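
Added example, not part of the thread and not Samba project code: a small offline check that reads smb.conf text and reports the effective "min domain uid", flagging the value 0 workaround asked about above. The function names and the sample configuration are constructed for illustration; "include" directives are not followed, and parameters before any section header are treated as global here.

```python
import re

DEFAULT_MIN_DOMAIN_UID = 1000  # default named in the thread subject (CVE-2020-25717 fix)

# Constructed sample mirroring the workaround described in the quoted message.
SAMPLE = """\
[global]
   workgroup = EXAMPLE
   ; workaround under discussion
   Min Domain UID = 0
[share]
   path = /srv/share
"""

def _norm(name):
    # smb.conf parameter names ignore case and embedded whitespace
    return re.sub(r"\s+", "", name).lower()

def effective_min_domain_uid(conf_text):
    """Return the [global] 'min domain uid' value, or the default if unset."""
    value = DEFAULT_MIN_DOMAIN_UID
    section = "global"   # assumption: lines before any header count as global
    pending = ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, val = line.partition("=")
        if sep and section == "global" and _norm(name) == "mindomainuid":
            value = int(val.strip())       # a later assignment overrides an earlier one
    return value

def audit(conf_text):
    """Return (effective uid, finding) for review of the setting."""
    uid = effective_min_domain_uid(conf_text)
    if uid == 0:
        return uid, "uid 0 (root) is allowed for domain accounts"
    if uid < DEFAULT_MIN_DOMAIN_UID:
        return uid, "below the default of 1000"
    return uid, "ok"

if __name__ == "__main__":
    print(audit(SAMPLE))
```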


