[Samba] accessing foreign AD users to NT domain

Rowland penny rpenny at samba.org
Thu Aug 27 14:43:10 UTC 2020

On 27/08/2020 15:23, Piviul via samba wrote:
> Rowland penny via samba ha scritto il 27/08/20 alle 15:49:
>> On 27/08/2020 14:19, Piviul via samba wrote:
>>>> Microsoft is enforcing more securitybut it's Microsoft that develop 
>>>> NetBIOS and LLMNR and if it's enforcing 
>>> security should enforce these protocols or remove them from their OS 
>>> isn't it?
>> Microsoft ended support of NT4 servers over 15 years ago, but kept 
>> the client code, but it is now actively trying to remove it, hence 
>> new Windows 10 installs have SMBv1 turned off. You can never know 
>> just when they will totally remove it, but I am sure it will be removed.
> If I have well understood the article that Louis send in a previous 
> message, to enforce security it is very important use FQDN to refers 
> to samba server and don't use netBIOS or LLMNR names. I don't know 
> samba very well so I don't know if NetBIOS is tied to SMBv1 protocol 
> but I'm pretty sure that LLMNR isn't: so you don't agree with me if 
> Microsoft should emforce security should enforce security on LLMNR 
> protocol or remove it from his OS ? ...but perhaps I ignore something 
> more...
> Best regards
> Piviul
Netbios is intrinsically tied to SMBv1 and  LLMNR (Link-Local Multicast 
Name Resolution) is also connected in a way, it allows name resolutions 
without a nameserver. So, if you are using it, I personally wouldn't, 
ever heard of MITM ?


More information about the samba mailing list