[Samba] Samba 4.2.x requiring TLS authentication
Kris Lou
klou at themusiclink.net
Wed Jul 27 20:38:17 UTC 2016
As of 4.2.11: https://www.samba.org/samba/security/CVE-2016-2112.html
===================
New smb.conf option
===================
ldap server require strong auth (G)
The ldap server require strong auth defines whether the
ldap server requires ldap traffic to be signed or
signed and encrypted (sealed). Possible values are no,
allow_sasl_over_tls and yes.
A value of no allows simple and sasl binds over all transports.
A value of allow_sasl_over_tls allows simple and sasl binds
(without sign or seal)
over TLS encrypted connections. Unencrypted connections only
allow sasl binds with sign or seal.
A value of yes allows only simple binds over TLS encrypted connections.
Unencrypted connections only allow sasl binds with sign or seal.
Default: ldap server require strong auth = yes
In short, "ldap server require strong auth = no"
Kris Lou
klou at themusiclink.net
More information about the samba
mailing list