[Samba] samba_dlz: disallowing update of signer error=insufficient access rights
Rowland penny
rpenny at samba.org
Fri Nov 27 16:46:47 UTC 2020
On 27/11/2020 16:02, L.P.H. van Belle via samba wrote:
> I need correct DNS resolvings mostly.
> I have no more netbios here.
>
> dhcp sends option 252, i have .. wpad.dns.domain.tld.
> Pc resolves to webserver, picksup wpad.dat of proxy.pac,
> what you set..
>
> The content is processes of proxy.pac.
>
> And that does something like this.
>
> function FindProxyForURL(url, host) {
>
> // Checks if HOST is an IPv4 address, If HOST is NOT an IPv4 address
> // we check if we can resolve the HOST.
> // If we can't, we immediately return DIRECT. (No Proxy)
> if (!shExpMatch(host, "/^\d+\.\d+\.\d+\.\d+$/g")) {if(!isResolvable(host))
> { return "DIRECT"; }}
> // bypass proxy.
>
> // Resolves hostnames to an IP address, used to reduce the number of DNS lookups.
> var resolved_ip = dnsResolve(host);
>
> // If the resolved hostname of the requested website is hosted within the
> //internal network, send direct.
> if (isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
> isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") ||
> isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
> isInNet(resolved_ip, "127.0.0.0", "255.255.255.0"))
> return "DIRECT";
>
> // If we detect a "common" lan extention, return DIRECT
> if (shExpMatch(host, "*.local")) return "DIRECT";
> if (shExpMatch(host, "*.lan")) return "DIRECT";
>
> // If the resolved hostname of the requested website contains matches send DIRECT
> if (shExpMatch(host, "*.specialwebsite.tld")) return "DIRECT";
>
> // DEFAULT RULE: All other traffic, use below proxy,
> // but use direct/bypass if proxy does not reponse
> return "PROXY 192.168.0.1:8080";
>
> So .. No netbios involved here.. ;-)
>
Not disputing that, but I found a McAfee page about it and a workaround
was to disable netbios over TCP/IP.
Rowland
More information about the samba
mailing list