[Samba] What are the potential side effects of Multi Versions of Samba AD in the same domain.
Andrew Bartlett
abartlet at samba.org
Tue Sep 12 19:10:25 UTC 2023
On Tue, 2023-09-12 at 12:19 +0200, Marco Gaiarin via samba wrote:
> Mandi! Andrew Bartlett via samba In chel di` si favelave...
> > Additionally, your Samba 4.7.6 server, unless it has been
> > gettingsecurity patches, will not interoperate with the 4.15.13
> > server forsome specific Kerberos tasks around S4U2Proxy
> > (constraineddelegation). MS did a massive 6-month or more period
> > of allowing a newPAC buffer to be missing, we simply called a flag
> > day (due toresources). Finally, modern Windows 10/11, that is
> > getting security patches, willfail to operate against the 4.7.6 DC
> > (NETLOGON will fail), and even the4.15.13 DC.
>
> You are speaking of:
>
> https://support.microsoft.com/it-it/topic/kb5020805-come-gestire-le-modifiche-al-protocollo-kerberos-correlate-a-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb
>
> so i need to update Samba (on DC, i suppose) to at least 4.18 before
> october10, or netlogon will fail? Really?!
I'm talking about
https://bugzilla.samba.org/show_bug.cgi?id=15418 id="-x-evo-selection-start-marker">
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead https://catalyst.net.nz/services/sambaCatalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
More information about the samba
mailing list