similar to: Is samba FIPS compliant ?

I'm checking back in to see if samba is FIPS compliant, as in using FIPS compliant algorithms ? Can it be built with openssl, which is FIPS compliant ? We're currently running 4.7.5. Please let me know. Regards, Mike

Thanks for the quick reply Jeremy. We have other FIPS compliant libraries, which check for, and ensure the proper FIPS compliant algorithms are used. Is there a link option to specify this kind of library ? ~ Mike -----Original Message----- From: Jeremy Allison <jra at samba.org> Sent: Tuesday, October 2, 2018 2:08 PM To: Tompkins, Michael <Michael.Tompkins at xerox.com> Cc:

I know SMB2 support was added for the smbclient in samba 4.1.0, but was SMB3 support also added ? Is there a way to just make smbclient ? Mike

Sorry about the lack of info. So in the wireshark trace, our printer smbclient 4.0.7 sends a Unicode value in Russian of ???? with a password of ????123. The server rejects the login attempt with STATUS_LOGON_FAILURE. The second attempt is with the linux version smbclient 4.0.7, and the same credentials to the same server work. The only thing I see different in the requests are the flags sent:

Hello All, Im using OpenSSH 4.2p1 statically linked with OpenSSL 0.9.7i. It looks now that a fips certified OpenSSL is now available at http://www.openssl.org/source/OpenSSL-fips-1.0.tar.gz . I like to know of any patches applicable for OpenSSH versions to make it fips compliant. Is there any idea for OpenSSH core team to make OpenSSH as fips compliant? What amount of work it needs at this

Hi OpenSSH mailing list, I would like to announce the newly introduced patch in Fedora rawhide [0] for FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9 version. The patch targets OpenSSL support of OpenSSH, specifically the usage of old low level API. The new OpenSSL version 3.0 introduces a FIPS module (going through FIPS 140-2 validation and to be FIPS 140-3

On Tue, 18 Apr 2023, Norbert Pocs wrote: > Hi OpenSSH mailing list, > > I would like to announce the newly introduced patch in Fedora rawhide [0] > for > > FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9 > > version. > > The patch targets OpenSSL support of OpenSSH, specifically the usage of > > old low level API. The new

On 4/18/23 05:05, Norbert Pocs wrote: > Hi OpenSSH mailing list, > > I would like to announce the newly introduced patch in Fedora rawhide [0] > for FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9 > version. Why does Fedora care about FIPS 140? To me, this seems like it should be specific to RHEL and maybe CentOS Stream, not Fedora. My understanding

I''ve just posted a feature request <http://projects.puppetlabs.com/issues/8120> relating to FIPS 140-2 compliance. I''m pointing to it here on the mailing list because I listed there five places where Puppet (nay, Ruby!) crashed while I was testing a deployment using FIPS mode on all hosts. It crashed because it tried to use MD5, and OpenSSL in FIPS mode doesn''t let

Second request ... Thank you in advance ... - Mike Sent: Friday, April 10, 2015 2:16 PM To: samba at lists.samba.org Subject: smbclient 4.0.7 resolves host name to IP address for SMB2 but not NT1 We are having issues with smbclient 4.0.7 not working to clusters, because it's resolving the host name ( 'default service = dev3k1.my.domain.com' in smb.conf file ) to an IP address

We are trying to use Russian(Cyrillic) names in smbclient 4.3.3 but that does not seem to work. Previously we had a problem in 4.0.7 which the location of upcase.dat changed from 3.6.5. In 4.3.3, we don't see it trying to access that file, nor do I believe that file needs to be delivered anymore. Is there a new way to configure the printer to use Russian user names ? Mike

Our smbclient 3.6.5 and smbclient 4.0.7 does not work with SMB2/SMB3, which is a security concern for us. Is there a patch or a workaround that can be done for those releases? I've read that Apple made changes in Maverick 10.9, which now causes failures, but am hoping that something was done to support the MAC OS 10.9 releases. Regards, Mike Tompkins

We currently are running smbclient 4.0.7. Users need to add domain name or "\" before username for authentication to succeed. Otherwise, smbclient prepends WORKGROUP\ to username. In a particular environment, "WORKGROUP\username" does not have access to the user's home directory. If we add "workgroup =" parameter in smb.conf file, it now passes. Is it valid to

Hi, Here is FIPS 140-2 patch for OpenSSH 6.5p1. Since our expertise in OpenSSH code is limited, request moderators to validate this patch and update as required. Regards, Manish Jagtap

I am trying to use smbclient with a Russian login and it refuses the connection. This is with a smbclient compiled for our printers. If I use the linux version, downloaded from the samba site, it works correctly. I'm thinking it's how I have it configured, but I can't tell from the wireshark trace (included). Any help where I would look specifically in the code would be appreciated.

Dear Damien, On Wed, Apr 19, 2023 at 7:13?AM Damien Miller <djm at mindrot.org> wrote: > > On Tue, 18 Apr 2023, Norbert Pocs wrote: > > > Hi OpenSSH mailing list, > > > > I would like to announce the newly introduced patch in Fedora rawhide [0] > > for > > > > FIPS compliance efforts. The change will be introduced in an upcoming RHEL 9 > >

When we build smbclient 4.3.3 we now have 76 shared libraries to deliver with the smbclient binary. Is there any way to specify it statically linking the libraries so we only have to deliver an executable ? With 3.6.5 and 4.0.7, we only had 3 libraries, which was more more manageable. Thank you, Mike Tompkins

We are running Samba-4.6.6 and are running into an issue where it negotiates to a NetApp server but then the client stops the connection. 8262 2017-10-12 09:32:16.198917 10.136.78.14 10.128.101.128 TCP 66 45848 → 445 [FIN, ACK] Seq=403 Ack=581 Win=16768 Len=0 TSval=11546007 TSecr=3316317046 This is at a customer site, and we cannot recreate it here due to

"Tompkins, Michael via samba" <samba at lists.samba.org> writes: > I'm wondering if anyone else has any feedback on this or needs anymore info ? Can you provide the output of the failing command with full debug messages (-d10)? -- Aurélien Aptel / SUSE Labs Samba Team GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3 SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg,

Thanks Roumen. >Lets assume that application use OpenSSL FIPS validated module. FIPS mode is activated in openssl command if environment variable OPENSSL_FIPS is set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode. Did you mean the FIPS patched OpenSSH server and client (such as ssh-keygen) always