Late security improvements and my work queue
Alexander Bokovoy
ab at samba.org
Fri Jun 30 12:34:44 UTC 2017
On pe, 30 kesä 2017, Andrew Bartlett via samba-technical wrote:
> Just a heads-up, that if I ever get free of ldb locking, I want to try
> and:
> - enforce a setting of restrict anonymous = 2 on the AD DC
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12775
> - disable the s3 netlogon server when we are not a DC
Can you explain what do you mean by the latter item? What DC you mean
here?
FreeIPA heavily relies on s3 netlogon server in this configuration:
[global]
security = user
domain master = yes
domain logons = yes
rpc_server:epmapper = external
rpc_server:lsarpc = external
rpc_server:lsass = external
rpc_server:lsasd = external
rpc_server:samr = external
rpc_server:netlogon = external
rpc_server:tcpip = yes
rpc_daemon:epmd = fork
rpc_daemon:lsasd = fork
--
/ Alexander Bokovoy
More information about the samba-technical
mailing list