[Samba] Samba 4 account with a 'ldbmodify-ed' password does not login into domain from a Windows 7 VM
Leonardo Bruno Lopes
leonardo at cefetmg.br
Thu Apr 13 12:08:13 UTC 2017
Citando Andrew Bartlett via samba <samba at lists.samba.org>:
> On Wed, 2017-04-12 at 20:31 +0000, Leonardo Bruno Lopes wrote:
>> Dean Andrew and List,
>>
>> I posted here
>> >>https://lists.samba.org/archive/samba/2017-April/207671.html<<;
>> that
>> my problem was solved, but I have the following question:
>>
>> What is the possible security issues that may come from removing
>> the
>> 'supplementalCredentials' attribute?
>>
>> Thanks,
>> Leonardo
>
> The KDC will no longer be able to issue AES encrypted tickets, just as
> if you had just upgraded from a NT4-like/classic Samba domain.
>
> Otherwise nothing too drastic at this time, but we might start storing
> more information there in the future, which is why this is an internal
> control not really intended for external use.
Hi Andrew.
My password policy forces users to change their passwords every 12 months.
So we hope soon the get this to the 'most correct use'.
Thank you so much.
Regards,
Leonardor
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> https://samba.org/~abartlet/
> Authentication Developer, Samba Team https://samba.org
> Samba Development and Support, Catalyst IT
> https://catalyst.net.nz/services/samba
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
> --
> Esta mensagem foi verificada pelo sistema de antivírus e
> acredita-se estar livre de perigo.
--
Esta mensagem foi verificada pelo sistema de antivírus e
acredita-se estar livre de perigo.
More information about the samba
mailing list