[Samba] accessing foreign AD users to NT domain
Rowland penny
rpenny at samba.org
Thu Aug 27 14:43:10 UTC 2020
On 27/08/2020 15:23, Piviul via samba wrote:
> Rowland penny via samba ha scritto il 27/08/20 alle 15:49:
>> On 27/08/2020 14:19, Piviul via samba wrote:
>>>
>>>>
>>>> Microsoft is enforcing more securitybut it's Microsoft that develop
>>>> NetBIOS and LLMNR and if it's enforcing
>>> security should enforce these protocols or remove them from their OS
>>> isn't it?
>>
>> Microsoft ended support of NT4 servers over 15 years ago, but kept
>> the client code, but it is now actively trying to remove it, hence
>> new Windows 10 installs have SMBv1 turned off. You can never know
>> just when they will totally remove it, but I am sure it will be removed.
> If I have well understood the article that Louis send in a previous
> message, to enforce security it is very important use FQDN to refers
> to samba server and don't use netBIOS or LLMNR names. I don't know
> samba very well so I don't know if NetBIOS is tied to SMBv1 protocol
> but I'm pretty sure that LLMNR isn't: so you don't agree with me if
> Microsoft should emforce security should enforce security on LLMNR
> protocol or remove it from his OS ? ...but perhaps I ignore something
> more...
>
> Best regards
>
> Piviul
>
Netbios is intrinsically tied to SMBv1 and LLMNR (Link-Local Multicast
Name Resolution) is also connected in a way, it allows name resolutions
without a nameserver. So, if you are using it, I personally wouldn't,
ever heard of MITM ?
Rowland
More information about the samba
mailing list