On 30/03/2023 14:41, Christian Naumer via samba wrote:> Am Donnerstag, dem 30.03.2023 um 14:03 +0100 schrieb Rowland Penny via
samba:
>>
>>
>> On 30/03/2023 13:56, Corrado Ravinetto via samba wrote:
>>> Ok, i added more than 50 rows like server reject md5 ecc.ecc.ecc.
>>> Now logs are clean, but, before upgrade this not happened
>>>
>>>
>>
>> Which is why I said it was a bit weird.
>>
>> The CVE fixes went into Samba 4.16.8 and you upgraded from 4.17.x, so I
>> would have expected that CVE fix to have been in your 4.17 version and
>> for you to have had the lines in your log from then.
>
>
> Hi Rowland, correct but also 4.17.4 was released with this fix. Maybe the
upgrade was from an
> earlier version?
Corrado never actually mentioned what 4.17.x he upgraded from, but you
are correct the CVE fix went into 4.15.13, 4.16.8 and 4.17.4 , Thanks
for pointing that out, I should have checked better.
>
> What is more interesting is that he did not see any effect (something not
working) only the
> log entries. Not that he just opened that security whole again by removing
the errors in the
> log.
He possibly has, which is why I also said:
Then see if you can upgrade ARRQUADRO_2_16 to use a better cipher.
If he could get the computer to use a better cipher, he then wouldn't
need the line in smb.conf
From the sound of it, he has some very old computers in his domain.
Rowland