[Samba] What are the potential side effects of Multi Versions of Samba AD in the same domain.
Marco Gaiarin
gaio at lilliput.linux.it
Wed Sep 13 11:26:14 UTC 2023
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
>> > Additionally, your Samba 4.7.6 server, unless it has been
>> > gettingsecurity patches, will not interoperate with the 4.15.13
>> > server forsome specific Kerberos tasks around S4U2Proxy
>> > (constraineddelegation). MS did a massive 6-month or more period
>> > of allowing a newPAC buffer to be missing, we simply called a flag
>> > day (due toresources). Finally, modern Windows 10/11, that is
>> > getting security patches, willfail to operate against the 4.7.6 DC
>> > (NETLOGON will fail), and even the4.15.13 DC.
>> You are speaking of:
>> https://support.microsoft.com/it-it/topic/kb5020805-come-gestire-le-modifiche-al-protocollo-kerberos-correlate-a-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb
>> so i need to update Samba (on DC, i suppose) to at least 4.18 before
>> october10, or netlogon will fail? Really?!
> I'm talking about
> https://bugzilla.samba.org/show_bug.cgi?id=15418 id="-x-evo-selection-start-marker">
OK, but this impact NT domains, not AD domains... why you speak about
Kerberos?!
I'm a bit confused...
--
Vendere no, non passa tra i miei rischi,
non comprate i miei dischi e sputatemi addosso. (F. Guccini)
More information about the samba
mailing list