Late security improvements and my work queue

Alexander Bokovoy ab at samba.org
Mon Jul 3 06:44:13 UTC 2017


On Mon, 03 Jul 2017, Andrew Bartlett via samba-technical wrote:
> On Fri, 2017-06-30 at 23:11 +1200, Andrew Bartlett via samba-technical wrote:
> > Just a heads-up, that if I ever get free of ldb locking, I want to try
> > and:
> >  - enforce a setting of restrict anonymous = 2 on the AD DC
> >    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12775
> 
> I've not managed this one yet, and it can still be set manually.
> 
> >  - disable the s3 netlogon server when we are not a DC
> >  - add a way to disable NTLM entirely
> >    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923
> 
> Attached are patches (without tests yet) for this.  Please comment. 
> 
> It should be compatible with FreeIPA's use case, it only changes the
> default and the FreeIPA server still appears to be a PDC for the
> schannel case.
Thanks. I also like the patches. Please follow suggestions by metze.

-- 
/ Alexander Bokovoy


