[Samba] What are the potential side effects of Multi Versions of Samba AD in the same domain.

Marco Gaiarin gaio at lilliput.linux.it
Wed Sep 13 11:26:14 UTC 2023

Mandi! Andrew Bartlett via samba
  In chel di` si favelave...

>> > Additionally, your Samba 4.7.6 server, unless it has been
>> > gettingsecurity patches, will not interoperate with the 4.15.13
>> > server forsome specific Kerberos tasks around S4U2Proxy
>> > (constraineddelegation).  MS did a massive 6-month or more period
>> > of allowing a newPAC buffer to be missing, we simply called a flag
>> > day (due toresources).  Finally, modern Windows 10/11, that is
>> > getting security patches, willfail to operate against the 4.7.6 DC
>> > (NETLOGON will fail), and even the4.15.13 DC.  

>> You are speaking of:
>> https://support.microsoft.com/it-it/topic/kb5020805-come-gestire-le-modifiche-al-protocollo-kerberos-correlate-a-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb
>> so i need to update Samba (on DC, i suppose) to at least 4.18 before
>> october10, or netlogon will fail? Really?!

> I'm talking about 
> https://bugzilla.samba.org/show_bug.cgi?id=15418 id="-x-evo-selection-start-marker">

OK, but this impact NT domains, not AD domains... why you speak about

I'm a bit confused...

  Vendere no, non passa tra i miei rischi,
  non comprate i miei dischi e sputatemi addosso.	(F. Guccini)

More information about the samba mailing list