search for: metzmach

...it's a good time to cut a new release. Also, note that I've transplanted the cifs-utils manpage to the Samba Wiki. The old URL still works and redirects browsers to the new page. o hardcoded paths in the cifs.upcall manpage are rewritten at build time o a cifs.upcall pathset from Stefan Metzmacher to add GSSAPI checksums to the SPNEGO blob. This is necessary for interoperability with certain krb5 implementations (EMC's specifically) o cifs.upcall can now use the system-default keytab for automatic mounts o mount.cifs handles the cruid= option in a similar fashion to the uid= mo...

Hi, here're patches to avoid a database corruption with linked attributes, e.g. member/memberOf. See https://bugzilla.samba.org/show_bug.cgi?id=13228 As a temporary solution admins can add "server services = -kcc" to the global section of smb.conf. Also DO NOT repair the following errors with samba-tool dbcheck! "Remove duplicate links in attribute" and "ERROR:

https://bugzilla.samba.org/show_bug.cgi?id=5324 Summary: with option --xattrs the process rsync is more long time Product: rsync Version: 3.0.0 Platform: x86 OS/Version: Other Status: NEW Severity: normal Priority: P3 Component: core AssignedTo: wayned@samba.org ReportedBy: fauthier@free.fr

14.07.2023 22:20, Vincent S. Cojot via samba wrote: > > Thanks Michael for doing this, > > I've used your patch ( fix-unsupported-netr_LogonGetCapabilities-l2.patch ) to also update my RHEL8 packages for 4.17.9 ( [1] ). Correction. This is not my patch, this is a patch by Stefan Metzmacher (and I kept his name in there in this file), which is available at the samba bug about this, see attachment at: https://bugzilla.samba.org/show_bug.cgi?id=15418 This is the place where I've got it. It is Stefan who gets credits here, not me, and that's the person who should be thanked...

FWIW, samba 4.20 broke kerberos auth in smbclient. Namely, this commit: commit ef205f6b52ea1fec13e647e15e4f3edf536fd93e Author: Stefan Metzmacher <metze at samba.org> Date: Thu Apr 14 15:23:13 2022 +0200 s3:gse: get an explicit ccache_name from creds and kinit if required This means we may call kinit multiple times for now, but we'll remove the kinit from the callers soon. Before this one (using kinit): $...

...ouncements ===================== Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to address CVE-2012-1182. o CVE-2012-1182: Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user. Changes: -------- o Stefan Metzmacher <metze at samba.org> *BUG 8815: PIDL based autogenerated code allows overwriting beyond of allocated array (CVE-2012-1182). ###################################################################### Reporting bugs & Development Discussion #######################################...

...ouncements ===================== Samba 3.6.4, 3.5.14 and 3.4.16 are security releases in order to address CVE-2012-1182. o CVE-2012-1182: Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user. Changes: -------- o Stefan Metzmacher <metze at samba.org> *BUG 8815: PIDL based autogenerated code allows overwriting beyond of allocated array (CVE-2012-1182). ###################################################################### Reporting bugs & Development Discussion #######################################...

Hello all, I was reading up on SMB Direct support and it seems very interesting. I looked through slides of a presentation by Stefan Metzmacher about SMB Direct last year: https://www.samba.org/~metze/presentations/2018/SDC/StefanMetzmacher_SDC2018-SMB-Direct-Status-rev1-presentation.pdf I was wondering what the current support of of SMB Direct for Samba. I have a Windows 10 Pro for Workstations machine that supports SMB Direct nativel...

...0-1472(ZeroLogon): s3:rpc_server/netlogon: Support "server require schannel:WORKSTATION$ = no" about unsecure configurations. o Gary Lockyer <gary at catalyst.net.nz> * BUG 14497: CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge. o Stefan Metzmacher <metze at samba.org> * BUG 14497: CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no". CHANGES SINCE 4.13.0rc4 ======================= o Andreas Schneider <asn at samba...

...0-1472(ZeroLogon): s3:rpc_server/netlogon: Support "server require schannel:WORKSTATION$ = no" about unsecure configurations. o Gary Lockyer <gary at catalyst.net.nz> * BUG 14497: CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge. o Stefan Metzmacher <metze at samba.org> * BUG 14497: CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no". CHANGES SINCE 4.13.0rc4 ======================= o Andreas Schneider <asn at samba...

...0-1472(ZeroLogon): s3:rpc_server/netlogon: Support "server require schannel:WORKSTATION$ = no" about unsecure configurations. o Gary Lockyer <gary at catalyst.net.nz> * BUG 14497: CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge. o Stefan Metzmacher <metze at samba.org> * BUG 14497: CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no". CHANGES SINCE 4.13.0rc4 ======================= o Andreas Schneider <asn at samba...

...0-1472(ZeroLogon): s3:rpc_server/netlogon: Support "server require schannel:WORKSTATION$ = no" about unsecure configurations. o Gary Lockyer <gary at catalyst.net.nz> * BUG 14497: CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge. o Stefan Metzmacher <metze at samba.org> * BUG 14497: CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no". CHANGES SINCE 4.13.0rc4 ======================= o Andreas Schneider <asn at samba...

...more closely with Microsoft AD behaviour. If FAST needs to be disabled on your Samba KDC, set ?kdc enable fast = no in the smb.conf. The Samba project wishes to thank the numerous developers who have put in a massive effort to make this possible over many years.? In particular we thank Stefan Metzmacher, Joseph Sutton, Gary Lockyer, Isaac Boukris and Andrew Bartlett.? Samba's developers in turn thank their employers and in turn their customers who have supported this effort over many years. Certificate Auto Enrollment --------------------------- Certificate Auto Enrollment allows devices t...

...more closely with Microsoft AD behaviour. If FAST needs to be disabled on your Samba KDC, set ?kdc enable fast = no in the smb.conf. The Samba project wishes to thank the numerous developers who have put in a massive effort to make this possible over many years.? In particular we thank Stefan Metzmacher, Joseph Sutton, Gary Lockyer, Isaac Boukris and Andrew Bartlett.? Samba's developers in turn thank their employers and in turn their customers who have supported this effort over many years. Certificate Auto Enrollment --------------------------- Certificate Auto Enrollment allows devices t...

...*Systems Administrator *International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja @ium.edu.na - Web: *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA On Tue, Jan 30, 2018 at 8:56 PM, Stefan Metzmacher via samba < samba at lists.samba.org> wrote: > Hi, > > as a lot of SerNet customers are having trouble with corrupted > linked attributes, my colleague Ralph Böhme and I developed > patches for 'samba-tool dbcheck' to recover the missing > forward links (in most c...

...sn at samba.org> * BUG 14399: waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14. * BUG 14467: s3:smbd: Fix %U substitutions if it contains a domain name. * BUG 14479: The created krb5.conf for 'net ads join' doesn't have a domain entry. o Stefan Metzmacher <metze at samba.org> * BUG 14482: Fix build problem if libbsd-dev is not installed. CHANGES SINCE 4.13.0rc3 ======================= o David Disseldorp <ddiss at samba.org> * BUG 14437: build: Toggle vfs_snapper using "--with-shared-modules". o Volker Lendecke &lt...

...sn at samba.org> * BUG 14399: waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14. * BUG 14467: s3:smbd: Fix %U substitutions if it contains a domain name. * BUG 14479: The created krb5.conf for 'net ads join' doesn't have a domain entry. o Stefan Metzmacher <metze at samba.org> * BUG 14482: Fix build problem if libbsd-dev is not installed. CHANGES SINCE 4.13.0rc3 ======================= o David Disseldorp <ddiss at samba.org> * BUG 14437: build: Toggle vfs_snapper using "--with-shared-modules". o Volker Lendecke &lt...

On Mon, 2018-01-22 at 11:34 +0100, Ralph Böhme via samba wrote: > On Mon, Jan 22, 2018 at 10:49:29AM +0100, Stefan Metzmacher via samba-technical wrote: > > Please review and push:-) > > lgtm&pushed. I'm also happy with them (but it is late here and so I didn't want to give that as a formal review till I woke up tomorrow :-). It took a moment to get why the 'unsorted' links were sorted...

Hi everyone! On 7/12/23 15:03, Samuel Wolf via samba wrote: > Any ideas what we can do/test? thanks to Stefan Metzmacher we have a working fix, it's available at the bugreport https://bugzilla.samba.org/show_bug.cgi?id=15418 We're just about to release updated SAMBA+ packages, hopefully distributions and other packagers pick up the fix quickly and ship updates. -slow -- Ralph Boehme, Samba Team...

Am 31.12.24 um 21:49 schrieb Michael Tokarev: > FWIW, samba 4.20 broke kerberos auth in smbclient.? Namely, this commit: > > commit ef205f6b52ea1fec13e647e15e4f3edf536fd93e > Author: Stefan Metzmacher <metze at samba.org> > Date:?? Thu Apr 14 15:23:13 2022 +0200 > > ??? s3:gse: get an explicit ccache_name from creds and kinit if required > > ??? This means we may call kinit multiple times for now, > ??? but we'll remove the kinit from the callers soon. > &g...