search for: hardening_samba_as_an_ad_dc

...is enforced in the Active > Directory DC? > > Thanks > Andrea I don't think there is anything you can set on a Samba Unix domain member, it will have little or nothing to do with any arbitrary ldap searches run on it. You might like to read this: https://wiki.samba.org/index.php/Hardening_Samba_as_an_AD_DC Where it says this: Microsoft has chosen a different path to addressing this issue, and instead would like AD clients to include a session-specific value in the NTLMv2 response, known a channel binding. Samba doesn't set this as a client nor does it check this as a server, at this time. I kn...

...elp you I need some more information. Are you migrating from a Windows Server environment? If so, what version. I think a 2008_R2 domain level should not be much of an issue. From a security aspect you can do a few things like only using SMB3 and strong encryption. https://wiki.samba.org/index.php/Hardening_Samba_as_an_AD_DC Darin

Hello, I have configured a Samba server (Version 4.15.13-Ubuntu) as an Active Directory domain member, and it joined successfully to the domain and it's working fine, I have used the following Samba wiki: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member Now, my customer decided to enforce the LDAP signing in the Active Directory DC. I can't find any specific setting

...ait before moving to FL 2012_R2 at least until Samba 4.20 is released on FreeBSD (currently only 4.19 is available), regardless of the migration method we choose. I will replay the classicupgrade today after adapting my Ansible playbooks accordingly. > > https://wiki.samba.org/index.php/Hardening_Samba_as_an_AD_DC > > Darin > Regards,