On 12/04/16 21:27, Salvatore Bonaccorso wrote: > Hi > > The upcoming Samba update is bigger than usual since for Jessie an > update is needed to 4.2. We want to expose the package a bit more for > additional testing. Please test the packages found on
[snip] Hi folks, So I missed the testing window and the updates are now out. There are a few problems, mostly with the NEWS.Debian file, which may lead to confusion and/or further issues. Firstly: > Finally, two important configuration options should be considered, > that we were unable to silently change defaults for: > - smb signing = required > - ntlm auth = no > > Without smb signing = required, Man in the Middle attacks are > still possible against our file server and classic/NT4-like/Samba3 > Domain controller. (It is now enforced on our AD DC.) There is no parameter named "smb signing" in smb.conf, and Samba rightly complains: > [2016/04/14 09:43:53, 0] ../lib/param/loadparm.c:743(lpcfg_map_parameter) > Unknown parameter encountered: "smb signing" > [2016/04/14 09:43:53, 0] > ../lib/param/loadparm.c:1626(lpcfg_do_global_parameter) > Ignoring unknown parameter "smb signing" I suspect you meant one/several of "client ipc signing", "client signing" and/or "server signing" instead. Can you please clarify? Secondly: When running a Samba 4 DC, the shift from 4.1 to 4.2 brings some major changes with it and people's smb.conf will need changing. The "server services" line needs "winbind" replacing with "winbindd", and the user must ensure the winbind package is installed. Otherwise, Samba will silently fail to provide a working DC. I will report these bugs on the samba package once I finish putting out some fires caused by all of this... HTH, Chris -- Chris Boot Tiger Computing Ltd ISO27001:2013 Certified Tel: 01600 483 484 Web: https://www.tiger-computing.co.uk Registered in England. Company number: 3389961 Registered address: Wyastone Business Park, Wyastone Leys, Monmouth, NP25 3SR
