[Samba] minimum of 'server services' for NT style domain ?
Andrew Bartlett
abartlet at samba.org
Wed Oct 9 22:28:58 UTC 2019
On Wed, 2019-10-09 at 09:14 +0100, lejeczek via samba wrote:
> hi guys,
>
> what would be an absolute minimum on the list of sevices one should
> have
> for NT style domain? (userdb in separate LDAP, dns too is in bind9)
>
> And maybe even less need for stand-alone server?
>
> many thanks, L.
Sadly this parameter (server services) is a left-over from the
Samba3/Samba4 split that we haven't papered over. I'm sorry for any
confusion.
It is possible to turn off some RPC services in the smbd file server,
but it isn't clearly documented and certainly isn't tested.
The notable exception is 'disable spoolss'. This disables all the
printing code and if you are not using it would therefore reduce the
attack surface that I presume you are worried about.
I hope this helps a little.
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list