[PATCH] Turn off NETLOGON by default on standalone/member servers

Andrew Bartlett abartlet at samba.org
Fri Jul 22 09:23:50 UTC 2016

On Sun, 2016-06-12 at 10:22 +0200, Volker Lendecke wrote:
> On Sun, Jun 12, 2016 at 06:37:29PM +1200, Andrew Bartlett wrote:
> > Can we change this for 4.5?  I think we really should reduce our
> > attack
> > surface, and stop offering so many protocols by default.  
> +1. Can we make that a compile-time option such that the NETLOGON
> code is not even built if all an OEM wants is a file server?
> Volker

Just a heads-up that I plan on acting on this +1.  I may not get to the
build options part, but I will smoke test this with a windows client
and propose this before 4.5, as there were no objections that I can
find, just ideas about how we can go further.

I'll come back with a patch that applies based on the one I offered for
4.2 for review.

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list