Web lists-archives.com

Re: [Samba] a word of warning




KRBTGT isn't even Samba specific, the same applies to all Active
Directory setups:

> https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn745899(v=ws.11)

> https://adsecurity.org/?p=483

On 2018-01-23 15:51, lists via samba wrote:
> Hi,
> 
> I'd like to report something here, so it will not happen to others.
> 
> We moved all disabled users in our samba AD to a dedicated folder in
> ADUC, which we called 'disabled'.
> 
> A little while after we did that, our network started 'falling apart'.
> Some things still worked, others did not. I could for example no longer
> start ADUC, some users could not logon or map drives, etc, etc.
> 
> From samba's point of view everything was still running, replication was
> happening, etc, etc. No idea where to start looking.
> 
> Until my colleage told me about this moving of disabled  accounts from
> CN=Users into OU=disabled.
> 
> Turned out he had also moved the disabled account "krbtgt", and this had
> caused our network to fall apart. Luckily his ADUC window was still open
> and functional, so we could move this account back into CN=Users, and
> everything started working again.
> 
> So, our advise: don't move that account! :-)
> 

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.schwedas@xxxxxx | ☎ +43 680 301 7167
TAO Digital   | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
A8020 Graz    | https://www.tao-digital.at

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba