[Samba] Samba 4.2.x requiring TLS authentication
Felipe Izaguirre
felipe.mizaguirre at gmail.com
Thu Jul 28 15:22:38 UTC 2016
Thank you guys, I've missed this info for the latest versions.
Felipe Izaguirre
*Computer Scientist Student and Sysadmin*
2016-07-28 6:20 GMT-03:00 mathias dufresne <infractory at gmail.com>:
> IMHO, in short, learn to use encrypted connections.
>
> 2016-07-27 22:38 GMT+02:00 Kris Lou <klou at themusiclink.net>:
>
> > As of 4.2.11: https://www.samba.org/samba/security/CVE-2016-2112.html
> >
> > ===================
> > New smb.conf option
> > ===================
> >
> > ldap server require strong auth (G)
> >
> > The ldap server require strong auth defines whether the
> > ldap server requires ldap traffic to be signed or
> > signed and encrypted (sealed). Possible values are no,
> > allow_sasl_over_tls and yes.
> >
> > A value of no allows simple and sasl binds over all transports.
> >
> > A value of allow_sasl_over_tls allows simple and sasl binds
> > (without sign or seal)
> > over TLS encrypted connections. Unencrypted connections only
> > allow sasl binds with sign or seal.
> >
> > A value of yes allows only simple binds over TLS encrypted
> connections.
> > Unencrypted connections only allow sasl binds with sign or seal.
> >
> > Default: ldap server require strong auth = yes
> >
> >
> > In short, "ldap server require strong auth = no"
> >
> >
> > Kris Lou
> > klou at themusiclink.net
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list