[Samba] [Solved?] Problem since upgrade to 4.5.1
L.P.H. van Belle
belle at bazuin.nl
Mon Nov 21 10:53:43 UTC 2016
Hai John,
I saw that this was resolved.
Just interested, are you using SSL/TLS with samba on you servers,
and do you have you publish the AD DC/CA Root to your computers?
Did you look here in GPO :
Computer Configuration -> Administrative Templates -> System -> Credentials Delegation.
Before lowering samba security settings.
Some good info here to read into.
https://blogs.technet.microsoft.com/enterprisemobility/2008/07/21/configuring-terminal-servers-for-server-authentication-to-prevent-man-in-the-middle-attacks/
and some extra good info.
Single Sign-On for Terminal Services
http://technet.microsoft.com/en-us/library/cc772108(v=WS.10).aspx
and here SSO in RDP.
https://technet.microsoft.com/en-us/library/cc742808.aspx
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens John Gardeniers
> via samba
> Verzonden: maandag 21 november 2016 1:22
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] [Solved?] Problem since upgrade to 4.5.1
>
> Hi Rowland,
>
> Thanks for the suggestion. So far, since adding 'ntlm auth' to smb.conf
> on the DCs we are no longer having this problem. Only time will tell if
> it stays working but at least I'm no longer getting complaints from the
> users.
>
> regards,
> John
>
>
> On 21/11/16 10:00, Rowland Penny via samba wrote:
> > On Mon, 21 Nov 2016 09:31:28 +1100
> > John Gardeniers via samba <samba at lists.samba.org> wrote:
> >
> >> Hi Rowland,
> >>
> >> I Upgraded from Samba 4.4.2 and we have tried the FQDN without
> >> success.
> >>
> >> regards,
> >> John
> >>
> >>
> >> On 21/11/16 08:02, Rowland Penny via samba wrote:
> >>> On Mon, 21 Nov 2016 07:42:30 +1100
> >>> John Gardeniers via samba <samba at lists.samba.org> wrote:
> >>>
> >>>> Hi Louis,
> >>>>
> >>>> While it wasn't spelled out, it was firmly implied in my previous
> >>>> message that this problem appeared only after the Samba upgrade.
> >>>> Nothing else has changed that might impact RDP. There has been no
> >>>> change to machine names, IP addresses (we use DHCP reservations) or
> >>>> DNS entries. If a dash in the computer's name or DNS entry is
> >>>> behind this issue then it's clearly a rather serious bug in Samba.
> >>>>
> >>>> regards,
> >>>> John
> >>>>
> >>>>
> >>> It might help if you told us what version you upgraded from.
> >>>
> >>> I think there have been problems with windows machine now requiring
> >>> the FQDN instead of the short hostname, so this 'may' be your
> >>> problem, note I say 'may'.
> >>>
> >>> Rowland
> >>>
> >>
> > About the only change real change was 'ntlm auth', try setting this to
> > 'ntlm auth = yes' in smb.conf. I don't think it should affect your
> > problem, but as I said, it is the only real change.
> >
> > Rowland
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list