similar to: Samba 4 - disabling SSLv3 to mitigate POODLE effects

No patch available now. Download the source code and modified the source code yourself, and then compile it. -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Mario Pio Russo Sent: Wednesday, July 08, 2015 10:01 PM To: Kelvin Yip Cc: samba at lists.samba.org; samba-bounces at lists.samba.org Subject: Re: [Samba] Samba 4 -

I have file a bug and modified the source code to make samba4 do not use SSLV3, but I am not able to make a patch to this. https://bugzilla.samba.org/show_bug.cgi?id=11076 -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Mario Pio Russo Sent: Wednesday, July 08, 2015 4:48 PM To: samba at lists.samba.org Subject: [Samba] Samba

Good Day All Sorry if this is a repeated email, but I need some information about how to disable SSL on a Samba4.2.2 AD domain controller as the nessus scanner is reporting the POODLE vulnerability and we are not allowed to have any of that in our environment. the nessus scan reports poodle vulnerability on all these ports: 443, 636, 3269 I had a look at previous posts but couldn't find a

Arg... that's a problem now.. we are not allowed to complie third party software in our dev enviroment, we are only allowed to use packages (that's why we use sernet-samba, which in fairness is great!). any plan to release a proper patch? ___________________________________________________________________________________________ Mario Pio Russo, System Admin SWG IT Services Dublin,

Thanks Kelvin I'm a bit confised tho, is this patch already avaiable? if yes, what is the parameter that disable ssl into the smb.conf? Maybe the guys from Enterprise samba have already included the patch into their releases so it's just a maatter of enabling the flag. I'm using sernet-samba-4.2.2 Thanks!

On Wed, 2016-12-07 at 12:23 +0000, Chris Alavoine via samba wrote: > Hi all, > > I've now upgraded to Samba-4.5.2 and I've tried running: > > samba-tool domain tombstones expunge > > but I simpley get: > > Removed 0 objects and 0 links successfully, however I'm still seeing > several hundred errors when running a dbcheck with the "not remocing

Hi there, I would like to setup a Samba 4 member server to act as a separate fileserver within my Samba 4 domain. Does anyone have any recommendations for this setup? I've tried to create one following this: https://wiki.samba.org/index.php/Samba4/Domain_Member Which seems to work ok until I try to change any permission on any shares (or anything within the shares). I then get

Hey all, I'm trying to create a .deb installable package of Samba4 so I can add it to my local repository and install from there. Main reason for this is I want to automate Samba builds using puppet. Has anyone had any experience/success with this? I've tried various methods using dh make etc but no luck so far. Thanks, Chris. -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob

Hi all, I can't seem to figure this one out. I have a test rig Samba 4 VM up and running nicely. Have imported my old Samba 3 directory and am using nslcd to get users and groups back to *nix. I have a perl login script which generates on-the-fly .bat scripts per user as they login using the root preexec and postexec commands in my smb.conf (which worked out of the box with Samba 4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, As most of you already know, there is an important SSLv3 vulnerability (CVE-2014-3566 - see https://access.redhat.com/articles/1232123) , known as Poodle. While it's easy to disable SSLv3 in the allowed Protocols at the server level (for example SSLProtocol All -SSLv2 -SSLv3 for apache), some clients are still defaulting to SSLv3, and Koji

Hi Marc, Thanks for your reply. We are using BIND9_DLZ currently as the DNS backend I manually selected a replication partner (the FSMO roles DC). We do have some errors when doing a dbcheck but I'm not able to fix them. I've detailed this in another post. Here is an example of each type: Example1: *ERROR: incorrect GUID component for member in object

Hi all, I currently have 5 DC's all running 4.1.5 and would like to upgrade them to 4.1.11. Should I upgrade the FSMO DC first and then the others or perhaps the other way around? Can anyone see any pitfalls here? Also, should I just: 1. stop samba 2. ./conffigure && make && make install 3. restart samba ? I am also planning on switching to BIND_DLZ (currently running

Hi gents, I have a problem with winbindd uid/gid numbering on my Samba4 domain member server. This is my smb.conf: [global] netbios name = DOM-MEMBER workgroup = EXAMPLE security = ADS realm = EXAMPLE.COM encrypt passwords = yes idmap config *:backend = tdb idmap config *:range = 500-100000 idmap config ESSENCE:backend = ad idmap config ESSENCE:schema_mode =

Hi there, I noticed this bug as we were due to put this into production and wondered if anyone else had seen similar. When browsing a PDC share on Samba 4.1.4 (like Sysvol or netlogon or any other newly created one) from a Windows box we see this error: "\\pdc\share refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure

Hi there, I currently have 9 x Samba 4.6.3 Domain Controllers happily replicating and working nicely. We use BIND_DLZ DNS. I have been tasked with adding a Windows 2008 R2 DC to this group which I have done following this guide: https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD All appears to have gone well and replication is working according to

Hi all, A bit of back story. A few years back we upgraded our Samba3 domain to Samba4 using the classicupgrade method. After a few stumbles we got there and now have 9 DC's globally all running 4.5.0. We dropped the ball when naming our domain and now need to change it. This has led me down the path of attempting to join a Windows Server 2008 R2 machine as a DC and then run the RENDOM tool

Hi all, I've recently upgraded all our DC's (we have 9 spread over various global Sites) to 4.5.0. I run a dbcheck on our FSMO-owner DC once per day from a cron job and this threw up a ton of errors on the first pass after the upgrade. After running it several times with the --fix flag I've got the errors down to 603 but these last errors are refusing to be removed. Here is an

Hi Rowland, Thanks for the swift response. I'm not married to SSSD and am happy to use the best tool for the job, but was just looking for some general advice on my situation. I'll post on the sssd-users mailing as well. Thanks, Chris. On 7 November 2017 at 15:38, Rowland Penny <rpenny at samba.org> wrote: > On Tue, 7 Nov 2017 15:06:55 +0000 > Chris Alavoine via samba

Hi all, Am having problems adding a new DC to a Site that doesn't already have a DC in the same subnet. Whenever I try and do a domain join specifying a nearby DC in a different subnet I get this: ERROR(runtime): uncaught exception - (-1073741643, 'NT_STATUS_IO_TIMEOUT') File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run

Hi all, We are about to integrate a large number of users into our organisation and I've been tasked with attempting to allow said users access to our internal systems which are controlled from 10 x Samba 4.6.3 DC's across several sites. All Samba DC's are running either Ubuntu 14.04 or 16.04. Replication works nicely between these DC's and this system has been relatively stable