Microsoft Enforcement Mode
Andrew Bartlett
abartlet at samba.org
Sun Jan 30 07:47:50 UTC 2022
On Sat, 2022-01-29 at 11:41 +0100, Stefan Kania via samba-technical
wrote:
> I just read, that Microsoft uses a new Enforcement Mode on all MS DCs to
> protect the DC against CVE-2021-42287 and CVE-2021-42278. The
> Enforcement Mode can be deactivated until June, then MS will force it on
> all DCs.
> But with this mode active it's no longer possible to join a Linux-Client
> to a MS-Domain. I could not find out if this will affect Samba or only
> SSSD. If it affect Samba will it affect all Samba-version?
This isn't something that I expected to fail/change based on the
intensive discussions I had with Microsoft during development, so I
think this is an unintentional regression.
David Mulder is chasing this down via the protocols team.
Samba sets passwords via LDAP typically during the join, so isn't as
impacted compared with the tools around sssd (adcli), as I understand
it.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list