[Samba] Samba 4.2.x requiring TLS authentication
mathias dufresne
infractory at gmail.com
Thu Jul 28 09:20:04 UTC 2016
IMHO, in short, learn to use encrypted connections.
2016-07-27 22:38 GMT+02:00 Kris Lou <klou at themusiclink.net>:
> As of 4.2.11: https://www.samba.org/samba/security/CVE-2016-2112.html
>
> ===================
> New smb.conf option
> ===================
>
> ldap server require strong auth (G)
>
> The ldap server require strong auth defines whether the
> ldap server requires ldap traffic to be signed or
> signed and encrypted (sealed). Possible values are no,
> allow_sasl_over_tls and yes.
>
> A value of no allows simple and sasl binds over all transports.
>
> A value of allow_sasl_over_tls allows simple and sasl binds
> (without sign or seal)
> over TLS encrypted connections. Unencrypted connections only
> allow sasl binds with sign or seal.
>
> A value of yes allows only simple binds over TLS encrypted connections.
> Unencrypted connections only allow sasl binds with sign or seal.
>
> Default: ldap server require strong auth = yes
>
>
> In short, "ldap server require strong auth = no"
>
>
> Kris Lou
> klou at themusiclink.net
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list