[Samba] CIFS Null Session Vulnerability Fix in Samba 3.5.10
Shashi Kanth Boddula
shashi.bsd at gmail.com
Wed Apr 25 17:42:07 UTC 2018
Hi Everyone,

I have a Samba 3.5.10 server running on the RHEL 5.8 platform, and it is
joined to our AD domain controller. Recently my Windows guys have made some
changes to AD security, stating "CIFS Null Session Vulnerability Fix via GPO -
Security Requirement". After this change, my Windows clients are not
authenticating with domain credentials while accessing the shares, but
nothing has changed on the Samba side. The "net ads" commands on the Samba
server show that everything seems to be OK, but still the Windows clients are
not authenticating. The Windows guys are telling me they have to make some AD
GPO changes to avoid NULL or Anonymous connections coming in to the AD DC
servers.

Can someone please tell me how I can solve this issue? How can I tell Samba
not to issue NULL/Anonymous communications to AD DCs? Is this a known
issue or bug with Samba3, and is there any solution to it? Are there any
parameters in smb.conf which solve it? Please advise.

My smb.conf looks like the below.

workgroup = EMEA
server string = SambaStorage
password server = EMEA.NET
passdb backend = tdbsam
smb encrypt = disabled
realm = EMEA.NET
security = ADS
interfaces = 192.168.85.124 192.168.85.127 127.0.0.1
# interfaces = bond1:1 bond1:2 bond1 lo
bind interfaces only = no
local master = no
preferred master = no
os level = 33
dns proxy = yes
wins support = no
wide links = yes
unix extensions = no
log file = /var/log/samba/smb3x.log
max log size = 50000
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 SO_KEEPALIVE
deadtime = 800
load printers = no
printcap name = /dev/null
disable spoolss = yes
winbind separator = +
winbind use default domain = true
winbind offline logon = false
username map = /etc/samba/smbusers.map
debug level = 1
smb ports = 139 445
netbios name = MYSAMBAX09
client use spnego = yes
#domain master = no
map to guest = bad uid
hide dot files = no
invalid users = netrun
--
Thanks & Regards,
Shashi Kanth
9886455567