[Samba] Change ciphers on samba
Rowland penny
rpenny at samba.org
Mon Sep 30 18:03:14 UTC 2019
On 30/09/2019 18:06, akarpinski wrote:
> Samba version is 4.10.7
>
> smb.conf:
>
> # Global parameters
> [global]
> netbios name = dc-1
> realm = REALM
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
> workgroup = EFINITY
> dns forwarder = 192.168.X.X 192.168.X.X
> tls enabled = yes
> tls keyfile = /usr/local/samba/private/tls/server.key
> tls certfile = /usr/local/samba/private/tls/server.crt
> tls cafile = /etc/pki/ca-trust/source/anchors/efinity-CA.crt
I would take this up with whoever supplied your DC certificates, they do
not appear to be strong enough.
Also, you appear to be using Bind9 as your dns server, so you don't need
the 'dns forwarder' line, these should be in your named.conf file.
Rowland
More information about the samba
mailing list