[Samba] What are the potential side effects of Multi Versions of Samba AD in the same domain.
Marco Gaiarin
gaio at lilliput.linux.it
Tue Sep 12 10:19:39 UTC 2023
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> Additionally, your Samba 4.7.6 server, unless it has been getting
> security patches, will not interoperate with the 4.15.13 server for
> some specific Kerberos tasks around S4U2Proxy (constrained
> delegation). MS did a massive 6-month or more period of allowing a new
> PAC buffer to be missing, we simply called a flag day (due to
> resources).
> Finally, modern Windows 10/11, that is getting security patches, will
> fail to operate against the 4.7.6 DC (NETLOGON will fail), and even the
> 4.15.13 DC.
You are speaking of:
https://support.microsoft.com/it-it/topic/kb5020805-come-gestire-le-modifiche-al-protocollo-kerberos-correlate-a-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb
so i need to update Samba (on DC, i suppose) to at least 4.18 before october
10, or netlogon will fail? Really?!
--
Donna ti voglio cantare, donna sei luce, donna sei cenere
donnai sei ansia, donnai sei danza
e a volte nuvola sei... (A. Branduardi)
More information about the samba
mailing list