[PATCH] Turn off NETLOGON by default on standalone/member servers

Andrew Bartlett abartlet at samba.org
Mon Feb 23 18:17:27 MST 2015


Our security advisory at
https://www.samba.org/samba/security/CVE-2015-0240 suggests

> 
> ========== 
> Workaround
> ==========
> 
> On Samba versions 4.0.0 and above, add the line:
> 
> rpc_server:netlogon=disabled
> 
> to the [global] section of your smb.conf. 

This patch enforces that, turning off NETLOGON when we are not a DC.  

Jeremy,

Can you check this doesn't break anything?  (I'm running an autobuild,
but I'm not sure that will find anything much for this). 

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-param-Turn-off-the-NETLOGON-server-by-default-in-.patch
Type: text/x-patch
Size: 1224 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150224/e4df17ad/attachment.bin>


More information about the samba-technical mailing list