[Samba] Badlock patching difficult
hartnegg at uni-freiburg.de
Tue Apr 19 14:42:13 UTC 2016
I prefer to not blindly throw in updates, but understand what is changing.
Is there an admin-compatible summary of the 4.3.8 release notes? They
are full of technical details that require insider knowledge of the SMB
protocol. I read it all, but still do not know what needs to be done.
Are there options which must be set in order to be secure?
Which options will cause compatibility issues?
Should I enable "client signing" on a classic PDC with Win7 clients?
Will "server max protocol = NT1" still work? (Unfortunately we need
this, otherwise one program cannot be run from a samba share)
Also (eventough it probably not affects me on a PDC) I wonder why "tls
verify peer" defaults to "as_strict_as_possible", when the Samba default
is auto-generated certificates, which to not have a crl file.
Does not sound like this will be an easy upgrade for everybody.
More information about the samba