Serious Impact of NIST FDCC requirements

bbfoto bbfoto at gmail.com
Mon Mar 17 16:03:11 GMT 2008


To save someone the horror I just went through, (flipping bits one at a time
through the entire FDCC requirement until samba broke)  - 

To make your samba server compatible with FDCC, add this line to smb.conf
globals:
server signing = auto

If your samba server only serves to Windows systems try
server signing = mandatory 

Hope this helps someone!
thanks,
bb



Jeremy Allison wrote:
> 
> On Wed, Jan 23, 2008 at 12:03:49PM -0500, Loyd Darby wrote:
>> New requirements from Congress and the National Institute of standards 
>> is forcing us to reconsider our Samba domain because of the encryption 
>> requirements and signed communications.
>> 
>> I have tried to work my way through Kerberos , server signing and all 
>> that but even though I am no rookie, it is beyond me.
>> 
>> Is any one at Samba looking at this?  
>> 
>> Unless there is some one out there with the smarts to lead a way through 
>> this. 
>> Pretty much all US federal government agencies will have to abandon 
>> Samba and go down that other path.
>> 
>> The root of all this evil can be found here :
>>    http://fdcc.nist.gov/
> 
> As a DC member we already support krb5 and signed communications,
> as well as NTLMv2. As a PDC Samba3 can do NTLMv2 and signed
> communications (and sealed RPC) but not krb5, you'd need to
> use Samba4 as a PDC (not ready yet) to do krb5.
> 
> Samba 3.2 (under preparation) will add IPv6 support.
> 
> What are you missing ?
> 
> Jeremy.
> 
> 

-- 
View this message in context: http://www.nabble.com/Serious-Impact-of-NIST-FDCC-requirements-tp15048390p16094888.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.



More information about the samba-technical mailing list