Dr. Thomas Orgis
2022-Jan-26 14:10 UTC
[Samba] Remove LanMan auth from the AD DC and possibly file server?
On Wed, 26 Jan 2022 07:55:22 -0600, Patrick Goetz via samba <samba at lists.samba.org> wrote:

> - Instrumentation equipment running old versions of Windows which
>   can't be upgraded
> However it should be possible to run older versions
> of Samba in a container?

I think for old appliances without software maintenance, it is appropriate to segregate them in the network and have an equally segregated instance of an old version of samba serving them. I'd build some kind of bridge pulling the data from things like scanners into the new storage environment automatically, but not having the old devices dictate how the public service is run.

Heck, you could encapsulate things even by (literally) duct-taping a single-board computer to the old expensive hardware that presents as the old-style SMB server to it (using container, VM, or just a custom build of samba for this) and talk to the newer servers on the outside in whatever fashion.

But of course, if this is in a customer's network who doesn't even want to consider changing the config of scanners to use SMTP instead … it might not be viable to convince them of such a solution;-)

Not speaking current SMB might be one of the lesser reasons not to have these things on the network along with other gear …

Alrighty then,

Thomas

-- 
Dr. Thomas Orgis
HPC @ Universität Hamburg
Patrick Goetz
2022-Jan-26 14:26 UTC
[Samba] Remove LanMan auth from the AD DC and possibly file server?
On 1/26/22 08:10, Dr. Thomas Orgis wrote:
> On Wed, 26 Jan 2022 07:55:22 -0600,
> Patrick Goetz via samba <samba at lists.samba.org> wrote:
>
>> - Instrumentation equipment running old versions of Windows which
>>   can't be upgraded
>> However it should be possible to run older versions
>> of Samba in a container?
>
> I think for old appliances without software maintenance, it is
> appropriate to segregate them in the network and have an equally
> segregated instance of an old version of samba serving them. I'd build
> some kind of bridge pulling the data from things like scanners into the
> new storage environment automatically, but not having the old devices
> dictate how the public service is run.
>

The reality at my University is that any version of Windows which is out of maintenance (e.g. Windows <= 7) is considered insecure and can't be open to the public network anyway, so must be segregated. It's a rather large university, and we have dozens, maybe even hundreds of systems like this. Of course most small office environments are NATed and firewalled, so this isn't as much of an issue for them, but your suggestion is still probably best practice, if just from a systems administration perspective.

> Heck, you could encapsulate things even by (literally) duct-taping a
> single-board computer to the old expensive hardware that presents as
> the old-style SMB server to it (using container, VM, or just a custom
> build of samba for this) and talk to the newer servers on the outside
> in whatever fashion.
>
> But of course, if this is in a customer's network who doesn't even
> want to consider changing the config of scanners to use SMTP instead …
> it might not be viable to convince them of such a solution;-)
>
> Not speaking current SMB might be one of the lesser reasons not to have
> these things on the network along with other gear …
>
>
> Alrighty then,
>
> Thomas
>