On 10/08/2023 17.52, Philippe LeCavalier via samba wrote:> The solution is to update Samba to (security update to 4.17) so that 166 > (and possible 244) work from the client side. If you rely on a client side > solution you will likely continuously revisit this issue.I know I have to update Samba, but it's a hard job on a lot of small installations, and it requires quite a lot of time. Windows has been backwards (Samba NT and Samba AD) compatible for almost 25 years (win98 to win10) and now it seems it's all over. Every patch breaks something. -- Fabio Muzzi Frabetti Consulenza informatica Sistemi Linux - Sicurezza informatica - Sistemi VoIP Integrazione Windows/Linux
Just to nitpick... But I have Samba on Bullseye at home, and it still works for my DOS 6.22/Windows 3.1 VM for sharing old games back and forth :) Samba's been awesome in that regard too, making it possible. On Thu, Aug 10, 2023 at 11:56?AM Fabio Muzzi via samba < samba at lists.samba.org> wrote:> On 10/08/2023 17.52, Philippe LeCavalier via samba wrote: > > > The solution is to update Samba to (security update to 4.17) so that 166 > > (and possible 244) work from the client side. If you rely on a client > side > > solution you will likely continuously revisit this issue. > > I know I have to update Samba, but it's a hard job on a lot of small > installations, and it requires quite a lot of time. > > Windows has been backwards (Samba NT and Samba AD) compatible for almost > 25 years (win98 to win10) and now it seems it's all over. Every patch > breaks something. > > > -- > Fabio Muzzi Frabetti > > Consulenza informatica > Sistemi Linux - Sicurezza informatica - Sistemi VoIP > Integrazione Windows/Linux > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On Thu, 2023-08-10 at 20:56 +0200, Fabio Muzzi via samba wrote:> On 10/08/2023 17.52, Philippe LeCavalier via samba wrote: > > > The solution is to update Samba to (security update to 4.17) so > > that 166 > > (and possible 244) work from the client side. If you rely on a > > client side > > solution you will likely continuously revisit this issue. > > I know I have to update Samba, but it's a hard job on a lot of small > installations, and it requires quite a lot of time. > > Windows has been backwards (Samba NT and Samba AD) compatible for > almost 25 years (win98 to win10) and now it seems it's all over. > Every patch breaks something. >To be clear, Microsoft has shown no indication that they intend to unbreak this. The change (which could have been less strict and so not boken Samba) was made for security reasons. The have discussed with us the change and the expected behaviour we need to meet, but no suggestion has been made that they were going to update the client on their side. Even if they did, it wouldn't be fast, the last time (when they changed a kerberos 'end of time' to 9999 and hit an overflow in Heimdal) it took a number of months and was done via the quality branch, not the urgent things. If there are still issues after you patch Samba, please let us know. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead https://catalyst.net.nz/services/samba Catalyst.Net Ltd Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company Samba Development and Support: https://catalyst.net.nz/services/samba Catalyst IT - Expert Open Source Solutions
10.08.2023 21:56, Fabio Muzzi via samba wrote:> On 10/08/2023 17.52, Philippe LeCavalier via samba wrote: > >> The solution is to update Samba to (security update to 4.17) so that 166 >> (and possible 244) work from the client side. If you rely on a client side >> solution you will likely continuously revisit this issue. > > I know I have to update Samba, but it's a hard job on a lot of small installations, and it requires quite a lot of time.This is brilliant. "I know our installation is full of bugs and security issues, but it is hard to update it so we wont" :) /mjt