Am 2015-10-02 um 09:07 schrieb Dirk Laurenz (Samba Mailinglisten Account:> Hi, > > i managed to create a level 10 debug log - bug id 11538I hit this bug yesterday in a NT-based domain with samba-3.6.25. Is there any patch or workaround for samba-3.x as well? The patch in the mentioned bug does some LDAP-change ... I don't have any LDAP there. Sure, migration to samba-4 and/or ADS-based domain has to be sooner or later, I assume ;-)
Hi, As you should know, 3.x is out of support. Assuming this is related to the KB2992611 MS update, basically the bar was raised for clients in response to a security issue, and caused havoc for people on Windows as well. In order to fix 3.x, a good chunk of the infrastructure written for Samba 4 (AD) would likely have to be moved across because the bar really just has been raised unfortunately. There really isn't any trivial fix, besides uninstalling the KB2992611 but I wouldn't really recommend it as it probably exposes you to a serious security vulnerability. Cheers, Garming Sam On 22/03/2016 6:07 p.m., Stefan G. Weichinger wrote:> Am 2015-10-02 um 09:07 schrieb Dirk Laurenz (Samba Mailinglisten Account: >> Hi, >> >> i managed to create a level 10 debug log - bug id 11538 > I hit this bug yesterday in a NT-based domain with samba-3.6.25. > Is there any patch or workaround for samba-3.x as well? The patch in the > mentioned bug does some LDAP-change ... I don't have any LDAP there. > > Sure, migration to samba-4 and/or ADS-based domain has to be sooner or > later, I assume ;-) > > >--- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Am 2016-03-22 um 10:45 schrieb Garming Sam:> Hi, > > As you should know, 3.x is out of support. Assuming this is related to > the KB2992611 MS update, basically the bar was raised for clients in > response to a security issue, and caused havoc for people on Windows as > well. In order to fix 3.x, a good chunk of the infrastructure written > for Samba 4 (AD) would likely have to be moved across because the bar > really just has been raised unfortunately. There really isn't any > trivial fix, besides uninstalling the KB2992611 but I wouldn't really > recommend it as it probably exposes you to a serious security > vulnerability.Thanks for pointing this out. To keep the momentary changes as small as possible I consider upgrading to samba-4.x at first, without touching the NT4-style domain for now. gentoo linux provides samba-4.2.9 as unstable package, I assume this would run OK as well for our rather simple use case. Would the move to 4.2.9 help around that specific bug as well? thanks for helping, Stefan