[Samba] RODC in remote Site

cn at brain-biotech.de cn at brain-biotech.de
Tue Feb 16 07:24:16 UTC 2021


Am 16.02.21 um 08:11 schrieb Andrew Bartlett via samba:

> It will be the 'restrict anonymous = 2' on the DC I suppose.  I don't
> know why winbindd on the RODC isn't authenticating the SMB layer of the
> connection, and I suppose that makes it a bug (we are almost certainly
> authenticating the next layer in, the NETLOGON pipe with schannel), but
> if that fixes it at least we know what is going on.
> 
> My guess is that we are not NTLMSSP/kerberos authenticating the SMB the
> netlogon pipe is on because we used to use this to bootstrap
> authentication of the other pipes (also with schannel) before MS broke
> that (fixed a security bug actually...).
> 
> Anyway, try that and use the information to file a bug.

Thanks Andrew. This was it. I will file a bug.


Regards


Christian

-- 
Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development

B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Adriaan Moelker (Vorstandsvorsitzender), 
Lukas Linnig
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen



More information about the samba mailing list