Serious Impact of NIST FDCC requirements
bbfoto
bbfoto at gmail.com
Mon Mar 17 16:03:11 GMT 2008
To save someone the horror I just went through, (flipping bits one at a time
through the entire FDCC requirement until samba broke) -
To make your samba server compatible with FDCC, add this line to smb.conf
globals:
server signing = auto
If your samba server only serves to Windows systems try
server signing = mandatory
Hope this helps someone!
thanks,
bb
Jeremy Allison wrote:
>
> On Wed, Jan 23, 2008 at 12:03:49PM -0500, Loyd Darby wrote:
>> New requirements from Congress and the National Institute of standards
>> is forcing us to reconsider our Samba domain because of the encryption
>> requirements and signed communications.
>>
>> I have tried to work my way through Kerberos , server signing and all
>> that but even though I am no rookie, it is beyond me.
>>
>> Is any one at Samba looking at this?
>>
>> Unless there is some one out there with the smarts to lead a way through
>> this.
>> Pretty much all US federal government agencies will have to abandon
>> Samba and go down that other path.
>>
>> The root of all this evil can be found here :
>> http://fdcc.nist.gov/
>
> As a DC member we already support krb5 and signed communications,
> as well as NTLMv2. As a PDC Samba3 can do NTLMv2 and signed
> communications (and sealed RPC) but not krb5, you'd need to
> use Samba4 as a PDC (not ready yet) to do krb5.
>
> Samba 3.2 (under preparation) will add IPv6 support.
>
> What are you missing ?
>
> Jeremy.
>
>
--
View this message in context: http://www.nabble.com/Serious-Impact-of-NIST-FDCC-requirements-tp15048390p16094888.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.
More information about the samba-technical
mailing list