Displaying 12 results from an estimated 12 matches for "ldapenforcechannelbind".
2018 Mar 16
0
Samba, AD and devices compatibility...
...t.com/en-us/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements
If they say 'just use SSL', then the allow_sasl_over_tls part of that
option is to address this issue:
https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry
We (and likely they) don't support the channel bindings (patches
welcome!), but the protocol flaw (no link between the SSL and the
NTLM/Kerberos handshake inside) is the one we are trying to avoid.
The manpage is vague because we fixed our implementation before they
did the...
2024 Aug 02
0
[Announce] Samba 4.20.3 Available for Download
...rrect tls channel bindings are required
'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
should be used now, as 'allow_sasl_over_tls' will generate a
warning in every start of 'samba', as well as '[samba-tool ]testparm'.
This is similar to LdapEnforceChannelBinding under
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
on Windows.
All client tools using ldaps also include the correct
channel bindings now.
smb.conf changes
================
Parameter Name Description Default
-------------- --...
2024 Aug 02
0
[Announce] Samba 4.20.3 Available for Download
...rrect tls channel bindings are required
'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
should be used now, as 'allow_sasl_over_tls' will generate a
warning in every start of 'samba', as well as '[samba-tool ]testparm'.
This is similar to LdapEnforceChannelBinding under
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
on Windows.
All client tools using ldaps also include the correct
channel bindings now.
smb.conf changes
================
Parameter Name Description Default
-------------- --...
2024 Jul 29
1
[Announce] Samba 4.21.0rc1 Available for Download
...rrect tls channel bindings are required
'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
should be used now, as 'allow_sasl_over_tls' will generate a
warning in every start of 'samba', as well as '[samba-tool ]testparm'.
This is similar to LdapEnforceChannelBinding under
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
on Windows.
All client tools using ldaps also include the correct
channel bindings now.
NEW FEATURES/CHANGES
====================
LDB no longer a standalone tarball
----------------------------------
LDB, Samba's LDAP-like loc...
2024 Jul 29
1
[Announce] Samba 4.21.0rc1 Available for Download
...rrect tls channel bindings are required
'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
should be used now, as 'allow_sasl_over_tls' will generate a
warning in every start of 'samba', as well as '[samba-tool ]testparm'.
This is similar to LdapEnforceChannelBinding under
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
on Windows.
All client tools using ldaps also include the correct
channel bindings now.
NEW FEATURES/CHANGES
====================
LDB no longer a standalone tarball
----------------------------------
LDB, Samba's LDAP-like loc...
2018 Mar 14
2
Samba, AD and devices compatibility...
Mandi! Andrew Bartlett via samba
In chel di` si favelave...
> > This mean that the printer try to auth in LDAP 'plain' (no SSL, no
> > TLS), and so samba refuse that?
> No, it means that Samba is refusing to accept a NTLM or Kerberos
> authenticated connection without SIGN or SEAL negotiated, as an
> attacker could take over an unprotected network connection and do
2024 Aug 20
0
[Announce] Samba 4.21.0rc3 Available for Download
...rrect tls channel bindings are required
'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
should be used now, as 'allow_sasl_over_tls' will generate a
warning in every start of 'samba', as well as '[samba-tool ]testparm'.
This is similar to LdapEnforceChannelBinding under
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
on Windows.
All client tools using ldaps also include the correct
channel bindings now.
NEW FEATURES/CHANGES
====================
LDB no longer a standalone tarball
----------------------------------
LDB, Samba's LDAP-like loc...
2024 Aug 20
0
[Announce] Samba 4.21.0rc3 Available for Download
...rrect tls channel bindings are required
'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
should be used now, as 'allow_sasl_over_tls' will generate a
warning in every start of 'samba', as well as '[samba-tool ]testparm'.
This is similar to LdapEnforceChannelBinding under
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
on Windows.
All client tools using ldaps also include the correct
channel bindings now.
NEW FEATURES/CHANGES
====================
LDB no longer a standalone tarball
----------------------------------
LDB, Samba's LDAP-like loc...
2024 Aug 27
0
[Announce] Samba 4.21.0rc4 Available for Download
...rrect tls channel bindings are required
'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
should be used now, as 'allow_sasl_over_tls' will generate a
warning in every start of 'samba', as well as '[samba-tool ]testparm'.
This is similar to LdapEnforceChannelBinding under
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
on Windows.
All client tools using ldaps also include the correct
channel bindings now.
NEW FEATURES/CHANGES
====================
LDB no longer a standalone tarball
----------------------------------
LDB, Samba's LDAP-like loc...
2024 Aug 27
0
[Announce] Samba 4.21.0rc4 Available for Download
...rrect tls channel bindings are required
'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
should be used now, as 'allow_sasl_over_tls' will generate a
warning in every start of 'samba', as well as '[samba-tool ]testparm'.
This is similar to LdapEnforceChannelBinding under
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
on Windows.
All client tools using ldaps also include the correct
channel bindings now.
NEW FEATURES/CHANGES
====================
LDB no longer a standalone tarball
----------------------------------
LDB, Samba's LDAP-like loc...
2024 Sep 02
0
[Announce] Samba 4.21.0 Available for Download
...rrect tls channel bindings are required
'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
should be used now, as 'allow_sasl_over_tls' will generate a
warning in every start of 'samba', as well as '[samba-tool ]testparm'.
This is similar to LdapEnforceChannelBinding under
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
on Windows.
All client tools using ldaps also include the correct
channel bindings now.
NEW FEATURES/CHANGES
====================
LDB no longer a standalone tarball
----------------------------------
LDB, Samba's LDAP-like loc...
2024 Sep 02
0
[Announce] Samba 4.21.0 Available for Download
...rrect tls channel bindings are required
'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
should be used now, as 'allow_sasl_over_tls' will generate a
warning in every start of 'samba', as well as '[samba-tool ]testparm'.
This is similar to LdapEnforceChannelBinding under
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
on Windows.
All client tools using ldaps also include the correct
channel bindings now.
NEW FEATURES/CHANGES
====================
LDB no longer a standalone tarball
----------------------------------
LDB, Samba's LDAP-like loc...