samba-tool domain trust: fix trust compatibility to Windows Server 1709 and FreeIPA
github at samba.org
github at samba.org
Thu Apr 12 01:24:08 UTC 2018
New comment by abartlet on Samba Github repository
https://github.com/samba-team/samba/pull/134#issuecomment-380644971
Comment:
OK, so I've looked into this some more, and the client lib does strictly smb1 unless [smb2] is specified as a binding string. The patch needs to be in the C code to remove this restriction or make it behave better.
I would be happy with us using smb2 by default (if "client ipc max protocol" permits) and instead having an [smb1] flag.
Even better would be to have the auto-negotiation work correctly, but smb1 is going out of fashion quite fast these days so that might be a waste of effort.
Finally, for establishing trusts, you should ensure the SMB connection is encrypted, as the crypto on the trust passwords is pathetic.
More information about the samba-technical
mailing list