Rowland Penny
2023-Oct-23 08:19 UTC
[Samba] Low performance when using "server signing" = "mandatory"
On Mon, 23 Oct 2023 09:54:47 +0200 Adam B?aszczykowski via samba <samba at lists.samba.org> wrote:> Hello, > I have updated my system to Debian 12 with Samba 4.17.12, but the > problem with performance still exist. > On the Samba page there is a note in the CVE-2016-2114 description: > "Note that the default for server roles other than active directory > domain controller, is "off" because of performance reasons." > https://www.samba.org/samba/security/CVE-2016-2114.html > > Does it mean that using "server signing = required" for file server > with "server role = standalone" doesn't increase security and only > cause problems with performance ?No, what it is saying is, from my understanding, that it is set to off by default on everything but a DC because of the very problem you are suffering, whilst you get better security, it just slows everything down. Also, I have never understood why anyone would run a standalone server in a domain, you lose everything a domain gives you. Rowland
Adam Błaszczykowski
2023-Oct-23 10:02 UTC
[Samba] Low performance when using "server signing" = "mandatory"
Ok thank you. So, Is my file server with Samba 4.17.12 vulnerable to CVE-2016-2114 if it is not a DC server? To be clear, I don't use any Active Directory domain controller in my network. Best regards. Adam Blaszczykowski pon., 23 pa? 2023 o 10:20 Rowland Penny via samba <samba at lists.samba.org> napisa?(a):> On Mon, 23 Oct 2023 09:54:47 +0200 > Adam B?aszczykowski via samba <samba at lists.samba.org> wrote: > > > Hello, > > I have updated my system to Debian 12 with Samba 4.17.12, but the > > problem with performance still exist. > > On the Samba page there is a note in the CVE-2016-2114 description: > > "Note that the default for server roles other than active directory > > domain controller, is "off" because of performance reasons." > > https://www.samba.org/samba/security/CVE-2016-2114.html > > > > Does it mean that using "server signing = required" for file server > > with "server role = standalone" doesn't increase security and only > > cause problems with performance ? > > No, what it is saying is, from my understanding, that it is set to off > by default on everything but a DC because of the very problem you are > suffering, whilst you get better security, it just slows everything > down. > > Also, I have never understood why anyone would run a standalone server > in a domain, you lose everything a domain gives you. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Apparently Analagous Threads
- Low performance when using "server signing" = "mandatory"
- Low performance when using "server signing" = "mandatory"
- Low performance when using "server signing" = "mandatory"
- Low performance when using "server signing" = "mandatory"
- Low performance when using "server signing" = "mandatory"