[Samba] RODC in remote Site
cn at brain-biotech.de
cn at brain-biotech.de
Tue Feb 16 07:24:16 UTC 2021
Am 16.02.21 um 08:11 schrieb Andrew Bartlett via samba:
> It will be the 'restrict anonymous = 2' on the DC I suppose. I don't
> know why winbindd on the RODC isn't authenticating the SMB layer of the
> connection, and I suppose that makes it a bug (we are almost certainly
> authenticating the next layer in, the NETLOGON pipe with schannel), but
> if that fixes it at least we know what is going on.
>
> My guess is that we are not NTLMSSP/kerberos authenticating the SMB the
> netlogon pipe is on because we used to use this to bootstrap
> authentication of the other pipes (also with schannel) before MS broke
> that (fixed a security bug actually...).
>
> Anyway, try that and use the information to file a bug.
Thanks Andrew. This was it. I will file a bug.
Regards
Christian
--
Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11
Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Adriaan Moelker (Vorstandsvorsitzender),
Lukas Linnig
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen
More information about the samba
mailing list