., Srikanth N S
2025-Jul-14 12:59 UTC
[Samba] Security hardening for Microsoft RPC Netlogon protocol question
Hi, We are using winbindd in nsswitch and our idmap backend is rid/autorid. Our uids/gids are generated by rid policy instead of them being fetched from AD. Could you please let us know if we will be affected by the Microsoft RPC Netlogon protocol Security Hardening update. Thanks & Regards, Srikanth NS
Ralph Boehme
2025-Jul-14 13:06 UTC
[Samba] Security hardening for Microsoft RPC Netlogon protocol question
On 7/14/25 2:59 PM, ., Srikanth N S via samba wrote:> We are using winbindd in nsswitch and our idmap backend is rid/ > autorid. Our uids/gids are generated by rid policy instead of them > being fetched from AD. > > Could you please let us know if we will be affected by the Microsoft > RPC Netlogon protocol Security Hardening update.no, you're not. https://www.samba.org/samba/history/samba-4.22.3.html Who is affected? Samba installations acting as member servers in Windows AD domains will be affected if they are configured to use the 'ad' idmapping backend. Samba servers not using this configuration will not be affected by the change ? at least to our current knowledge and understanding of the change ? and no further action is required. Current versions of Samba with the affected configuration will no longer function correctly once the Microsoft update has been applied. Users will not be able to connect to the SMB service provided by Samba for any domain configured to use the 'ad' idmapping backend. -slow -- SerNet Samba Team Lead https://sernet.com/ Samba Team Member https://samba.org/ Samba Support and Dev https://samba.plus/services/ SAMBA+ packages https://samba.plus/products/samba -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20250714/d349b30b/OpenPGP_signature.sig>