[Samba] samba_dlz: disallowing update of signer error=insufficient access rights

Rowland penny rpenny at samba.org
Fri Nov 27 16:46:47 UTC 2020


On 27/11/2020 16:02, L.P.H. van Belle via samba wrote:
> I need correct DNS resolvings mostly.
> I have no more netbios here.
>
> dhcp sends option 252, i have .. wpad.dns.domain.tld.
> Pc resolves to webserver, picksup wpad.dat of proxy.pac,
> what you set..
>
> The content is processes of proxy.pac.
>
> And that does something like this.
>
> function FindProxyForURL(url, host) {
>
>      // Checks if HOST is an IPv4 address, If HOST is NOT an IPv4 address
>      // we check if we can resolve the HOST.
>      // If we can't, we immediately return DIRECT. (No Proxy)
>      if (!shExpMatch(host, "/^\d+\.\d+\.\d+\.\d+$/g")) {if(!isResolvable(host))
> 	{ return "DIRECT"; }}
> 	// bypass proxy.
>
>    // Resolves hostnames to an IP address, used to reduce the number of DNS lookups.
>          var resolved_ip = dnsResolve(host);
>
>      // If the resolved hostname of the requested website is hosted within the
>      //internal network, send direct.
>          if (isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
>          isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") ||
>          isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
>          isInNet(resolved_ip, "127.0.0.0", "255.255.255.0"))
>      return "DIRECT";
>
> // If we detect a "common" lan extention, return DIRECT
> if (shExpMatch(host, "*.local")) return "DIRECT";
> if (shExpMatch(host, "*.lan")) return "DIRECT";
>
> // If the resolved hostname of the requested website contains matches send DIRECT
> if (shExpMatch(host, "*.specialwebsite.tld")) return "DIRECT";
>
>   // DEFAULT RULE: All other traffic, use below proxy,
>   // but use direct/bypass if proxy does not reponse
>     return "PROXY 192.168.0.1:8080";
>
> So .. No netbios involved here.. ;-)
>
Not disputing that, but I found a McAfee page about it and a workaround 
was to disable netbios over TCP/IP.

Rowland





More information about the samba mailing list