[PATCH] Turn off NETLOGON by default on standalone/member servers

Andrew Bartlett abartlet at samba.org
Mon Feb 23 18:17:27 MST 2015

Our security advisory at
https://www.samba.org/samba/security/CVE-2015-0240 suggests

> ========== 
> Workaround
> ==========
> On Samba versions 4.0.0 and above, add the line:
> rpc_server:netlogon=disabled
> to the [global] section of your smb.conf. 

This patch enforces that, turning off NETLOGON when we are not a DC.  


Can you check this doesn't break anything?  (I'm running an autobuild,
but I'm not sure that will find anything much for this). 


Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-param-Turn-off-the-NETLOGON-server-by-default-in-.patch
Type: text/x-patch
Size: 1224 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150224/e4df17ad/attachment.bin>

More information about the samba-technical mailing list