[Samba] Samba 4 account with a 'ldbmodify-ed' password does not login into domain from a Windows 7 VM
abartlet at samba.org
Thu Apr 13 01:59:21 UTC 2017
On Wed, 2017-04-12 at 20:31 +0000, Leonardo Bruno Lopes wrote:
> Dean Andrew and List,
> I posted here
> my problem was solved, but I have the following question:
> What is the possible security issues that may come from removing
> 'supplementalCredentials' attribute?
The KDC will no longer be able to issue AES encrypted tickets, just as
if you had just upgraded from a NT4-like/classic Samba domain.
Otherwise nothing too drastic at this time, but we might start storing
more information there in the future, which is why this is an internal
control not really intended for external use.
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
More information about the samba