Rowland Penny
2022-Feb-08 20:48 UTC
[Samba] Remove LanMan auth from the AD DC and possibly file server?
On Tue, 2022-02-08 at 14:35 -0600, Patrick Goetz via samba wrote:> > On 2/7/22 23:13, Jeremy Allison via samba wrote: > > On Tue, Feb 08, 2022 at 06:04:01PM +1300, Andrew Bartlett via samba > > wrote: > > > On Mon, 2022-02-07 at 18:38 +0100, Ralph Boehme via samba wrote: > > > > On 1/26/22 04:50, Andrew Bartlett via samba wrote: > > > > > What do folks think? > > > > > > > > I would vote for removing it and if people still require it to > > > > work > > > > with > > > > old shit they can just continue using the latest Samba version > > > > that > > > > supports it. > > > > > > Thanks! > > > > Yes, to be honest I'm more leaning on supporting Ralph > > now than trying to split hairs :-). > > > > If people want LANMAN auth they can just keep running > > the last version that supports it. It's not like they're > > worried about security anyway :-) :-). > > > > Or more likely they're running it in a completely isolated (or DMZ > gatewayed) environment with equipment that can't be upgraded (e.g. > instrumentation control PC's running old versions of Windows which > can't > be upgraded). That's what we do; there's no good alternative unless > your user has, for example, a million dollars to shell out for a new > machine with new PCs, and even then. We just got a new 1.5 million > dollar microscope and the control PC is running Windows 2012. \o/If you are paying 1.5 million dollars for something that contains a PC, then it should have been part of the contract that the OS was the latest version. Rowland
Patrick Goetz
2022-Feb-09 09:15 UTC
[Samba] Remove LanMan auth from the AD DC and possibly file server?
On 2/8/22 14:48, Rowland Penny via samba wrote:>> >> Or more likely they're running it in a completely isolated (or DMZ >> gatewayed) environment with equipment that can't be upgraded (e.g. >> instrumentation control PC's running old versions of Windows which >> can't >> be upgraded). That's what we do; there's no good alternative unless >> your user has, for example, a million dollars to shell out for a new >> machine with new PCs, and even then. We just got a new 1.5 million >> dollar microscope and the control PC is running Windows 2012. \o/ > > If you are paying 1.5 million dollars for something that contains a PC, > then it should have been part of the contract that the OS was the > latest version. >Hmm, well, yes, but it turns out that the numbers of vendors in some cases is limited to one (so making demands is futile) and this is of no concern whatsoever to the scientists, who are just focused on the quality of images we get out of the system and who make the buying decisions. I mean, they have other concerns. The computational parts of these systems are fairly simple (in my opinion) compared to, for example, sample preparation, which from my perspective is black magic voodoo bedeviled by dragons (and the grad students doing the prep would probably concur). At least it's not Windows 7, which was the OS on the previous instrumentation PC? Or allow me to summarize: "just make it work, Patrick." Why anyone in science uses Windows for anything in 2022 is beyond me.> Rowland > > >