[Samba] Regression: The 'net' command is now failing to login (UNKNOWN ENUM VALUE 1003?)
Gaiseric Vandal
gaiseric.vandal at gmail.com
Tue May 31 15:29:15 UTC 2016
On 05/31/16 11:09, pisymbol . wrote:
> On Fri, May 27, 2016 at 3:55 PM, Gaiseric Vandal
> <gaiseric.vandal at gmail.com> wrote:
>> Is the netapp a member of the domain?
> Yes.
>
>> My assumption is that you can have domain members that are patched with domain controllers that are not.
> I don't know what you mean by that. This worked before the samba CVE
> changes took effect in the latest samba3 RPMs distributed by the
> CentOS team.
>
> It certainly feels like regression.
>
> -aps
The patched systems either default to or enforce higher security
settings. The patched systems and non-patched systems don't seem to be
able to negotiate a common set of security settings.
The "http://badlock.org/" site lists of of the security issues.
I found on my machines that I had to specifically disable signing but
that only partially fixed the issue. I think you either need to
downgrade your netapp or upgrade your domain controllers. The only
other thing that MIGHT have worked for me was to disable schannel
support on all systems but that seemed like a bad idea.
More information about the samba
mailing list