[PATCH] lib/param: Consolidate code to enable smb signing on the server, always enable on AD DC
Stefan (metze) Metzmacher
metze at samba.org
Tue Apr 8 05:40:20 MDT 2014
Am 07.04.2014 01:11, schrieb Andrew Bartlett:
> On Fri, 2013-11-22 at 13:24 +0100, David Disseldorp wrote:
>> On Fri, 22 Nov 2013 14:43:34 +1300
>> Andrew Bartlett <abartlet at samba.org> wrote:
>>
>>> I tried an autobuild with another patch, and that passed. So I tried with just
>>> this patch, and that autobuild passed too, which doesn't provide me with any more insights
>>> on this.
>>>
>>> Do you think we should dare to try an official autobuild again?
>>
>> I pushed again. It made it through this time.
>>
>> Cheers, David
>
> I'm wondering if this is the kind of change we can make during the 4.0
> and 4.1 series? It would be good to be able to rely on SMB signing
> against AD DC servers, but unless we apply this patch Samba 4.0 and 4.1
> will be exceptions to that unless SMB2 is used.
smbd should support FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED.
So what is the actual problem here?
> But on the flip side, it changes default values during a release train,
> and I know that is something we generally don't do.
I don't think we have to change the defaults...
The correct FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED handling should be
enough.
metze
More information about the samba-technical
mailing list