Displaying 20 results from an estimated 400 matches similar to: "Samba 4 - disabling SSLv3 to mitigate POODLE effects"
2015 Jul 09
0
Samba 4 - disabling SSLv3 to mitigate POODLE effects
No patch available now. Download the source code and modified the source
code yourself, and then compile it.
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of Mario Pio Russo
Sent: Wednesday, July 08, 2015 10:01 PM
To: Kelvin Yip
Cc: samba at lists.samba.org; samba-bounces at lists.samba.org
Subject: Re: [Samba] Samba 4 -
2015 Jul 08
0
Samba 4 - disabling SSLv3 to mitigate POODLE effects
I have file a bug and modified the source code to make samba4 do not use
SSLV3, but I am not able to make a patch to this.
https://bugzilla.samba.org/show_bug.cgi?id=11076
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of Mario Pio Russo
Sent: Wednesday, July 08, 2015 4:48 PM
To: samba at lists.samba.org
Subject: [Samba] Samba
2015 Jul 08
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
Good Day All
Sorry if this is a repeated email, but I need some information about how to
disable SSL on a Samba4.2.2 AD domain controller as the nessus scanner is
reporting the POODLE vulnerability and we are not allowed to have any of
that in our environment.
the nessus scan reports poodle vulnerability on all these ports:
443, 636, 3269
I had a look at previous posts but couldn't find a
2015 Jul 09
1
Samba 4 - disabling SSLv3 to mitigate POODLE effects
Arg... that's a problem now..
we are not allowed to complie third party software in our dev enviroment,
we are only allowed to use packages (that's why we use sernet-samba, which
in fairness is great!).
any plan to release a proper patch?
___________________________________________________________________________________________
Mario Pio Russo, System Admin SWG IT Services Dublin,
2015 Jul 08
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
Thanks Kelvin
I'm a bit confised tho, is this patch already avaiable? if yes, what is the
parameter that disable ssl into the smb.conf? Maybe the guys from
Enterprise samba have already included the patch into their releases so
it's just a maatter of enabling the flag.
I'm using sernet-samba-4.2.2
Thanks!
2016 Dec 08
1
Samba 4.5.0 dbcheck problems
On Wed, 2016-12-07 at 12:23 +0000, Chris Alavoine via samba wrote:
> Hi all,
>
> I've now upgraded to Samba-4.5.2 and I've tried running:
>
> samba-tool domain tombstones expunge
>
> but I simpley get:
>
> Removed 0 objects and 0 links successfully, however I'm still seeing
> several hundred errors when running a dbcheck with the "not remocing
2013 Jul 12
2
Samba 4 domain members
Hi there,
I would like to setup a Samba 4 member server to act as a separate
fileserver within my Samba 4 domain.
Does anyone have any recommendations for this setup?
I've tried to create one following this:
https://wiki.samba.org/index.php/Samba4/Domain_Member
Which seems to work ok until I try to change any permission on any shares
(or anything within the shares). I then get
2016 Apr 25
3
Package Samba4 as a .deb
Hey all,
I'm trying to create a .deb installable package of Samba4 so I can add it
to my local repository and install from there. Main reason for this is I
want to automate Samba builds using puppet.
Has anyone had any experience/success with this? I've tried various methods
using dh make etc but no luck so far.
Thanks,
Chris.
--
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob
2013 Aug 28
1
"groups" command not working as expected
Hi all,
I can't seem to figure this one out.
I have a test rig Samba 4 VM up and running nicely. Have imported my old
Samba 3 directory and am using nslcd to get users and groups back to *nix.
I have a perl login script which generates on-the-fly .bat scripts per user
as they login using the root preexec and postexec commands in my smb.conf
(which worked out of the box with Samba 4
2014 Oct 15
0
Koji/CBS infra and sslv3/Poodle important notification
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
As most of you already know, there is an important SSLv3 vulnerability
(CVE-2014-3566 - see https://access.redhat.com/articles/1232123) ,
known as Poodle.
While it's easy to disable SSLv3 in the allowed Protocols at the
server level (for example SSLProtocol All -SSLv2 -SSLv3 for apache),
some clients are still defaulting to SSLv3, and Koji
2016 Oct 14
4
Joining a Windows Server 2008 R2 to existing Samba4 domain
Hi Marc,
Thanks for your reply.
We are using BIND9_DLZ currently as the DNS backend
I manually selected a replication partner (the FSMO roles DC).
We do have some errors when doing a dbcheck but I'm not able to fix them.
I've detailed this in another post.
Here is an example of each type:
Example1:
*ERROR: incorrect GUID component for member in object
2014 Aug 21
2
Upgrading Samba in a Multi DC environment
Hi all,
I currently have 5 DC's all running 4.1.5 and would like to upgrade them to
4.1.11.
Should I upgrade the FSMO DC first and then the others or perhaps the other
way around?
Can anyone see any pitfalls here?
Also, should I just:
1. stop samba
2. ./conffigure && make && make install
3. restart samba
?
I am also planning on switching to BIND_DLZ (currently running
2014 Jul 01
4
Samba4 domain member
Hi gents,
I have a problem with winbindd uid/gid numbering on my Samba4 domain member
server.
This is my smb.conf:
[global]
netbios name = DOM-MEMBER
workgroup = EXAMPLE
security = ADS
realm = EXAMPLE.COM
encrypt passwords = yes
idmap config *:backend = tdb
idmap config *:range = 500-100000
idmap config ESSENCE:backend = ad
idmap config ESSENCE:schema_mode =
2014 Feb 18
1
Problem browsing shares on 4.1.4 (Ubuntu 12.04)
Hi there,
I noticed this bug as we were due to put this into production and wondered
if anyone else had seen similar.
When browsing a PDC share on Samba 4.1.4 (like Sysvol or netlogon or any
other newly created one) from a Windows box we see this error:
"\\pdc\share refers to a location that is unavailable. It could be on a
hard drive on this computer, or on a network. Check to make sure
2017 May 11
2
Samba 4.6.3 DNS replication with Windows 2008 R2 DC
Hi there,
I currently have 9 x Samba 4.6.3 Domain Controllers happily replicating and
working nicely. We use BIND_DLZ DNS.
I have been tasked with adding a Windows 2008 R2 DC to this group which I
have done following this guide:
https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD
All appears to have gone well and replication is working according to
2016 Oct 14
2
Joining a Windows Server 2008 R2 to existing Samba4 domain
Hi all,
A bit of back story.
A few years back we upgraded our Samba3 domain to Samba4 using the
classicupgrade method. After a few stumbles we got there and now have 9
DC's globally all running 4.5.0.
We dropped the ball when naming our domain and now need to change it. This
has led me down the path of attempting to join a Windows Server 2008 R2
machine as a DC and then run the RENDOM tool
2016 Oct 12
4
Samba 4.5.0 dbcheck problems
Hi all,
I've recently upgraded all our DC's (we have 9 spread over various global
Sites) to 4.5.0.
I run a dbcheck on our FSMO-owner DC once per day from a cron job and this
threw up a ton of errors on the first pass after the upgrade. After running
it several times with the --fix flag I've got the errors down to 603 but
these last errors are refusing to be removed.
Here is an
2017 Nov 07
3
Attempting a trust between Samba and Windows AD DC
Hi Rowland,
Thanks for the swift response.
I'm not married to SSSD and am happy to use the best tool for the job, but
was just looking for some general advice on my situation.
I'll post on the sssd-users mailing as well.
Thanks,
Chris.
On 7 November 2017 at 15:38, Rowland Penny <rpenny at samba.org> wrote:
> On Tue, 7 Nov 2017 15:06:55 +0000
> Chris Alavoine via samba
2014 Jun 18
1
Unable to join a DC to a Site that doesn't already have a DC in that subnet
Hi all,
Am having problems adding a new DC to a Site that doesn't already have a DC
in the same subnet. Whenever I try and do a domain join specifying a nearby
DC in a different subnet I get this:
ERROR(runtime): uncaught exception - (-1073741643, 'NT_STATUS_IO_TIMEOUT')
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
2017 Nov 07
2
Attempting a trust between Samba and Windows AD DC
Hi all,
We are about to integrate a large number of users into our organisation and
I've been tasked with attempting to allow said users access to our internal
systems which are controlled from 10 x Samba 4.6.3 DC's across several
sites.
All Samba DC's are running either Ubuntu 14.04 or 16.04.
Replication works nicely between these DC's and this system has been
relatively stable