[Samba] [Solved?] Problem since upgrade to 4.5.1

L.P.H. van Belle belle at bazuin.nl
Mon Nov 21 10:53:43 UTC 2016 

Hai John, 

 

I saw that this was resolved.

 

Just interested, are you using SSL/TLS with samba on you servers,

and do you have you publish the AD DC/CA Root to your computers?

 

Did you look here in GPO : 

Computer Configuration -> Administrative Templates -> System -> Credentials Delegation. 

Before lowering samba security settings. 

 

Some good info here to read into.

https://blogs.technet.microsoft.com/enterprisemobility/2008/07/21/configuring-terminal-servers-for-server-authentication-to-prevent-man-in-the-middle-attacks/

 

and some extra good info.

Single Sign-On for Terminal Services

http://technet.microsoft.com/en-us/library/cc772108(v=WS.10).aspx

and here  SSO in RDP.

https://technet.microsoft.com/en-us/library/cc742808.aspx

 

 

Greetz, 

 

Louis

 

> -----Oorspronkelijk bericht-----

> Van: samba [mailto:samba-bounces at lists.samba.org] Namens John Gardeniers

> via samba

> Verzonden: maandag 21 november 2016 1:22

> Aan: samba at lists.samba.org

> Onderwerp: Re: [Samba] [Solved?] Problem since upgrade to 4.5.1

> 

> Hi Rowland,

> 

> Thanks for the suggestion. So far, since adding 'ntlm auth' to smb.conf

> on the DCs we are no longer having this problem. Only time will tell if

> it stays working but at least I'm no longer getting complaints from the

> users.

> 

> regards,

> John

> 

> 

> On 21/11/16 10:00, Rowland Penny via samba wrote:

> > On Mon, 21 Nov 2016 09:31:28 +1100

> > John Gardeniers via samba <samba at lists.samba.org> wrote:

> >

> >> Hi Rowland,

> >>

> >> I Upgraded from Samba 4.4.2 and we have tried the FQDN without

> >> success.

> >>

> >> regards,

> >> John

> >>

> >>

> >> On 21/11/16 08:02, Rowland Penny via samba wrote:

> >>> On Mon, 21 Nov 2016 07:42:30 +1100

> >>> John Gardeniers via samba <samba at lists.samba.org> wrote:

> >>>

> >>>> Hi Louis,

> >>>>

> >>>> While it wasn't spelled out, it was firmly implied in my previous

> >>>> message that this problem appeared only after the Samba upgrade.

> >>>> Nothing else has changed that might impact RDP. There has been no

> >>>> change to machine names, IP addresses (we use DHCP reservations) or

> >>>> DNS entries. If a dash in the computer's name or DNS entry is

> >>>> behind this issue then it's clearly a rather serious bug in Samba.

> >>>>

> >>>> regards,

> >>>> John

> >>>>

> >>>>

> >>> It might help if you told us what version you upgraded from.

> >>>

> >>> I think there have been problems with windows machine now requiring

> >>> the FQDN instead of the short hostname, so this 'may' be your

> >>> problem, note I say 'may'.

> >>>

> >>> Rowland

> >>>

> >>

> > About the only change real change was 'ntlm auth', try setting this to

> > 'ntlm auth = yes' in smb.conf. I don't think it should affect your

> > problem, but as I said, it is the only real change.

> >

> > Rowland

> >

> 

> 

> --

> To unsubscribe from this list go to the following URL and read the

> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list