[Samba] Samba 4 account with a 'ldbmodify-ed' password does not login into domain from a Windows 7 VM

Andrew Bartlett abartlet at samba.org
Thu Apr 13 01:59:21 UTC 2017

On Wed, 2017-04-12 at 20:31 +0000, Leonardo Bruno Lopes wrote:
> Dean Andrew and List,
> I posted here  
>  >>https://lists.samba.org/archive/samba/2017-April/207671.html<<;
> that  
> my problem was solved, but I have the following question:
> What is the possible security issues that may come from removing
> the  
> 'supplementalCredentials' attribute?
> Thanks,
> Leonardo

The KDC will no longer be able to issue AES encrypted tickets, just as
if you had just upgraded from a NT4-like/classic Samba domain.

Otherwise nothing too drastic at this time, but we might start storing
more information there in the future, which is why this is an internal
control not really intended for external use. 

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   

More information about the samba mailing list