[Samba] NTLMSSP Sign/Seal - using NTLM1
rpenny at samba.org
Tue Jul 11 07:48:14 UTC 2023
On 10/07/2023 22:15, Vincent via samba wrote:
> Samba is running on SUSE Linux Enterprise High Performance Computing,
> kernel 5.3.18-22-default.
> Yes, it is a domain member, but there are no ancillary services of which I
> am aware.
> The smb.conf is as follows:
> clustering = Yes
> getwd cache = No
> kernel change notify = No
> max log size = 100000
> netbios name = TEST-SMB
> realm = TEST.COM
> security = ADS
> server min protocol = SMB2_02
> server string = "TEST-SMB"
> workgroup = TESTNET
> idmap config * : range = 4290000001-4291000000
> idmap config abbvienet : unix_nss_info = yes
> idmap config abbvienet : unix_primary_group = yes
> idmap config abbvienet : schema_mode = rfc2307
> idmap config abbvienet : range = 0-4290000000
> idmap config abbvienet : backend = ad
> idmap config * : backend = autorid
> allocation roundup size = 0
> kernel share modes = No
> posix locking = No
> read only = No
> veto files = /.snapshots/
Is this part of a cluster ?
If it is, I would have expected to see more 'cluster' related
parameters, but I am no cluster expert.
Is the workgroup actually 'TESTNET', or is that just a placeholder for '
If your workgroup is really 'ABBVINET', then why are you using both the
'autorid' and 'ad' idmap backends ?
If you only want to use the SMBv2 protocol as a minimum, I would also
set 'client min protocol = SMB2_02', with that set, SMBv1 will not be used.
More information about the samba