Late security improvements and my work queue

Alexander Bokovoy ab at
Fri Jun 30 12:34:44 UTC 2017

On pe, 30 kesä 2017, Andrew Bartlett via samba-technical wrote:
> Just a heads-up, that if I ever get free of ldb locking, I want to try
> and:
>  - enforce a setting of restrict anonymous = 2 on the AD DC
>    BUG:
>  - disable the s3 netlogon server when we are not a DC
Can you explain what do you mean by the latter item? What DC you mean

FreeIPA heavily relies on s3 netlogon server in this configuration:

  security = user
  domain master = yes
  domain logons = yes
  rpc_server:epmapper = external
  rpc_server:lsarpc = external
  rpc_server:lsass = external
  rpc_server:lsasd = external
  rpc_server:samr = external
  rpc_server:netlogon = external
  rpc_server:tcpip = yes
  rpc_daemon:epmd = fork
  rpc_daemon:lsasd = fork

/ Alexander Bokovoy

More information about the samba-technical mailing list