[SAMBA4] When to fallback to NTLMSSP?

Simo Sorce idra at samba.org
Sun Oct 30 14:08:22 GMT 2005

On Sun, 2005-10-30 at 08:30 +0100, Volker Lendecke wrote:
> On Sat, Oct 29, 2005 at 09:38:12AM -0400, Simo Sorce wrote:
> > > I'm interested in ideas, both from the 'secure' and 'sane behaviour'
> > > standpoint.
> > 
> > If it is not to difficult to implement I think that having a fine
> > grained (ldb based ?) control set would be the best choice.
> Just my 2 cents: To me this sounds too complicated. This needs to be *SIMPLE*.
> Anything more complex than setting 'security level = 5' or something similar is
> bound to fail in real world installations.

Volker, I was thinking something like the current samba3 debug level.
You have a general option, that determines the security level for all
subsystem, and then if you want (more for debugging or
problems-workaround) you can set the specific level per subsystem.

Such a feature would have allowed us to tune a parameter in the
configuration and have a ready workaround for the w2k3 sp1 issue that
afflicted us by forcing a specific security level on the pipe we were
having problems on.


Simo Sorce    -  idra at samba.org
Samba Team    -  http://www.samba.org
Italian Site  -  http://samba.xsec.it

More information about the samba-technical mailing list