Displaying 20 results from an estimated 20000 matches similar to: "SMB encryption"
2016 Jun 03
0
SMB encryption
>> A - I thought badlock mitigation was about encrypting SMB traffic, at least most part of it.
>> And this encryption of most part of data transfer could (or should) lower performances.
>> It seems I was wrong: smallest part (something like commands) are encrypted but not SMB traffic (ie file transfer).
>> This for SMB protocol prior to SMB3 (which comes with windows 8).
2017 Sep 12
2
SMB data transfer performance on AD mode
On Tue, 12 Sep 2017 19:30:42 +0100
Miguel Medalha via samba <samba at lists.samba.org> wrote:
> Your problem probably comes from using the AD DC as a file server.
> The file server should be separated, as recommended by the Samba
> team. I get close to wire speed on dedicated member servers.
>
> With version 4.4.2, changes in behaviour for the "server signing" and
2016 Dec 05
2
Cannot map to other client shares
Suggested changes applied to smb.conf (and yes, server role is classic PDC):
server max protocol = NT1
client signing = auto
client ipc signing = auto
server signing = auto
With no apparent change to the behaviour or resolution to the problem(s).
I'm particularly mystified by the logging-in behaviour (that is, if I manage to do it quickly I can log in, but if I
2016 Dec 01
2
Cannot map to other client shares
I have had a very odd problem for a while now, and am hoping this will ring
a bell for someone who can point me in the right direction.
I had a previous Samba DC (v3.5.6) in my home network, running on a
command-line Slackware box. For a variety of reasons I decided to switch to
Debian Jessie, which included an upgrade to Samba 4.2.10.
I did NOT properly migrate my samba files to the new
2016 Apr 19
2
mount cifs
On 19-4-2016 9:18, Denis Cardon wrote:
> Hi lists at merit.unu.edu,
>
>> I updated our servers to 4.2.11, and I have a problem, but I'm not sure
>> if the problem is related to the update.
>
> I've had a call from a client yesterday who had issue with his copiers'
> scan2folder feature after badlock samba file server upgrade. The
> mount.cifs ntlm basic
2016 Apr 20
5
mount cifs
On 04/19/2016 3:49 PM, Helmut Hullen wrote:
> Hallo, Dale,
>
> Du meintest am 19.04.16:
>
>>>>> As for smb.conf options: similar on the DCs and the smbserver,
>>>>> with:
>>>>>
>>>>> server signing = mandatory
>>>>> ntlm auth = yes
>>>>> server min protocol = SMB2
>>>>> client max
2016 Jun 02
2
libtdb and BADLOCK (CVE-2016-2118)
Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba 3.x
imply an upgrade to a non-vulnerable version of the tdb library?
If so, can someone point me to any documentation on the tdb vulnerability?
Thanks,
Sam
2016 Jun 20
3
problem with domain and samba3x
On 20/06/16 19:53, Dale Schroeder wrote:
> On 06/17/2016 4:31 PM, peter lawrie wrote:
>> Hi all
>> About 18 months ago I connected 14 new Windows 7 PCs to a Centos5.1
>> server
>> with samba3x as domain members. There are no other servers on site.
>> Today, I had to visit to connect up a PC in a new location. As I would
>> normally do I checked for Centos
2016 Jun 01
3
Problems with OS X 10.11.5
I disabled client signing from the client side, via OS X's global nsmb.conf
file: https://discussions.apple.com/message/30282470#30282470
The performance was back to over 600 MB/s, as compared to 60 MB/s with
signing.
It just seems a bit weird to me that Apple, in response to the Badlock bug,
would have changed the OS X client default to something with such drastic
performance implications,
2016 Jun 12
0
Hardened UNC Paths, Badlock, encryption defaults?
Hi,
Microsoft some time ago introduced Hardened UNC Paths, and in April
published the Badlock security fixes, which seem to be related to that.
Samba at the same time published versions 4.4.1 (and 4.4.2).
Even after reading the release notes of Samba 4.4.1 several times, I
still do not know whether I must manually adjust smb.conf to be
protected from these vulnerabilities.
What I do know is
2017 Jan 22
4
答复: ??????: Is the "\\x.x.x.x" type tree connect request a client related feature?
Thanks for your reply, Louis
However, I am still blocked by this problem now. !-_-
I tried to set the samba server as the DNS server and visit the shared folder by input "\\aaa.bb.com" at windows 7 client. In some cases it works and will not fail.
However the similar abnormal phenomenon also occasionally happens (especially at changing the authentication, such as local to ldap):
1) I can
2016 Apr 14
1
Update from 3.5.10 to 3.6.23 broke cupsaddsmb
As an update to fix the badlock vulnerability I applied some updates to
our (RHEL5-based) samba printer server last night, taking it from version
0:3.5.10-0.109.el5_8 to 0:3.6.23-12.el5_11 (rpm package versions).
After this change attempts to add printer drivers with cupsaddsmb produced
errors of the form:
Running command: rpcclient localhost -N -A /tmp/cupsc7GVnF -c 'adddriver
2016 Jun 02
1
libtdb and BADLOCK (CVE-2016-2118)
Do you know why Red Hat updated libtdb as part of their remediation for
Badlock on Samba4?
https://rhn.redhat.com/errata/RHSA-2016-0612.html
On Thu, Jun 2, 2016 at 2:37 PM, Jeremy Allison <jra at samba.org> wrote:
> On Thu, Jun 02, 2016 at 11:29:25AM -0500, Sam Gardner wrote:
> > Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba
> 3.x
> > imply an
2019 Feb 14
2
SMB Signing with "map to guest = " options
Hi,
I'm using samba-4.7.x
I have some confusions over "map to guest=" options with setting SMB Signing
1. Set "*Server signing =auto*", "*map to guest=bad uid*" and set "client
signing in windows 2k12 server group policy" to "Microsoft network client:
Digitally sign communications (Always)” = *Disable*"
SMB_Server is joined to Windows 2k12
2017 Sep 12
0
SMB data transfer performance on AD mode
Hi Rowland
The 4.5.10 was the newest of 4.5x series on that time, but the 4.5x series is still supported isn't it ? What shares are configured unproperly or like old samba way ?
----- Original Message -----
From: "samba" <samba at lists.samba.org>
To: "samba" <samba at lists.samba.org>
Sent: Tuesday, September 12, 2017 3:50:56 PM
Subject: Re: [Samba] SMB
2016 Jun 08
1
Solaris 10 Configure failure
ORACLE have released this patch for Solaris 10 - Samba v3.6.25:
IDR152387-03 addressing CVE-2016-2118 (BADLOCK) and other CVEs for S10 SPARC
Which has addressed our issue.
Thanks
-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Gaiseric Vandal
Sent: 07 June 2016 14:51
To: samba at lists.samba.org
Subject: Re: [Samba] Solaris 10 Configure failure
2016 Apr 20
4
Ubuntu 14.04 samba update
When ubuntu 14.04 went from samba 4.1.6 to 4.3.8 it killed my setup. Before
the change I was able to run wbinfo -u and get a list of users. Now when I
run wbinfo -u it returns nothing. I tried dis-joining and rejoining the
domain with no luck,
Here is my complete smb.conf
[global]
security = ads
realm = SUBDOMAIN.DOMAIN.TOP
workgroup = SUBDOMAIN
idmap config * : backend = tdb
idmap config * :
2017 Apr 21
2
Fwd: Unable to change passwords from Win XP Pro clients
On Fri, 21 Apr 2017 12:00:59 -0400
Eleuterio Contracampo via samba <samba at lists.samba.org> wrote:
> [2017/04/21 12:47:55.219297, 0]
> ../auth/gensec/gensec.c:257(gensec_verify_dcerpc_auth_level)
>
> Did not manage to negotiate mandetory feature SIGN for dcerpc
> auth_level 6
>
I think you may be running into an artefact of the badlock patches, for
which Win7 will
2017 Sep 12
0
SMB data transfer performance on AD mode
Your problem probably comes from using the AD DC as a file server. The file server should be separated, as recommended by the Samba Wiki. I get close to wire speed on dedicated member servers.
With version 4.4.2, changes in behaviour for the "server signing" and "client signing" parameters were introduced to address the Badlock bug. Please read the following, specifically the
2015 Mar 16
2
RequireSecuritySignature=1 and public share with guest not working
Hi Rowland
sorry for not being clear.
In my first post I already wrote:
Now I have to tight security with setting those flags in the windows client:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
EnablePlainTextPassword=0
EnableSecuritySignature=1
RequireSecuritySignature=1
. . .
when I change registry to RequireSecuritySignature=0, everything works like