similar to: Does WannaCry Ransmonware affect Samba?

On 2017-05-18 14:11, lingpanda101 via samba wrote: > Hello, > > Up till today I have only heard that it affects Windows clients and > Servers. However I received this today that sparked my question > > https://ics-cert.us-cert.gov/sites/default/files/FactSheets/ICS-CERT_FactSheet_WannaCry_Ransomware.pdf > > > This suggests blocking port 445 for Samba

Hi all, Just out of curiosity: is there anything we can do, on the samba side, to counter the recent ransomware attacks? (or limit the damage done) I'm thinking like: limit the number of files per second a client (workstation) is allowed to edit, or some other smart tricks..? It would be nice if samba could be an extra layer of defense. Something perhaps a vfs module could help with..?

On 06/28/2017 07:13 AM, L.P.H. van Belle via samba wrote: > IMO, > > First secure your entry points.. Mail webserver and proxy and the exit points. ( your users environment in my case windows 7/10 desktops.) > > Im waiting until trevor has the antivirus vfs is ready for samba 4. > @David Disseldrop, you know the status about that, since it was you call to get it in samba. ;-)

On 09/30/2017 12:58 AM, Rowland Penny via samba wrote: > I understand that you have to use XP, but you don't have to use NTLM, > haven't you heard of 'wanacry' ? > Go here and read it:http://www.imss.caltech.edu/node/396 WannaCry did not infect XP or for that matter, Windows Nein, oops, Ten. Doesn't mean it couldn't if altered to do so: Reference:

Hi, we have updated our samba AD domain from 4.4.x to 4.5.x. The release notes for 4.5.0 included  "NTLMv1 authentication disabled by default". So we had to enable it to get our radius (freeradius) server working (for 802.1x). What would be the best way to change the freeradius configuration in such a way, that we can disable NTLMv1 again. The radius server is used for WLAN

I had to deal with ransomware at the end of April. One of the PCs on my customer's network was infected by opening a realistic looking email apparently from a genuine supplier to the company and personally addressed. The infection occurred on Wednesday, but encryption of the server only took place late on Friday afternoon, presumably having obtained encryption keys from the criminals. The

Dear list, Help! I just upgrade a samba server. Server: Fedora 26 samba-4.6.8-0.fc26.x86_64 Workstations (5 of them): XP Pro SP3 The old server was set up as a Domain controller. I copied the smb.conf over to the new server. The XP workstations can see and mount everything. On the workstations, I removed myself from the old domain and rebooted, powered off the old server,

Hi All, Is there anything in Samba that will help protect against ransomware? -T -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Computers are like air conditioners. They malfunction when you open windows ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On 10/01/2017 10:03 PM, Reindl Harald (mobile) via samba wrote: > > Am 02.10.2017 um 06:35 schrieb ToddAndMargo via samba: >> M$'s patches/updates can be miserable and cause all kinds >> of havoc.  It is a judgment call on when and how to install >> M$'s patches/updates.  It is best to make sure you have a good >> anti-virus updated and running.  Your AV is

On Fri, May 05, 2017 at 10:21:05AM +0200, Sven Schwedas wrote: > On 2017-05-05 10:09, Volker Lendecke wrote: > > On Fri, May 05, 2017 at 09:42:47AM +0200, Sven Schwedas via samba wrote: > >>> root 9988 0.8 59.4 1571936 606488 ? S Apr26 114:41 /usr/sbin/samba > > > > Can you post /proc/9988/smaps somewhere? > > Sure,

Ok, rechecked this, your correct. This did work fine. In now at samba 4.6.7, you? This worked untill ( last i checked ) 4.6.5 :-(( now sysvolreset is totaly broken. :-(( New thing for my ToDo list.. Try this script, the rights are my defaults "after a sysvol reset" Place the script somewhere within /var/lib/samba Preffered that location . Run it with : bash script.sh sysvol/ !

I've wasted the last two days trying to get various versions of samba 4 packages getting to run under Wheezy. ? Wheezy's own packages are incomplete betas. ? Inverse provides their own packages (for SOGo), but they only care about getting their one use case to work; smbd doesn't work all, winbind has problems, and the postinst script resets my smb.conf with nonsense. Before I try

On Tue, Aug 25, 2015 at 08:36:14AM +0200, Sven Schwedas wrote: > On 2015-08-24 20:55, Jeremy Allison wrote: > > On Thu, Aug 13, 2015 at 09:21:23AM +0200, Sven Schwedas wrote: > > winbindd is extremely reliable and fully supported by the Samba > > Team, please don't post FUD about Samba components. If you have > > winbindd problems, post bug reports > > I did,

On Thu, Aug 13, 2015 at 09:21:23AM +0200, Sven Schwedas wrote: > > Depends on your needs. If you don't need samba file/printer sharing > /from/ the member, I'd recommend using SSSD. It's much more stable and > reliable than winbindd. Can't let comments like this pass. sssd does something slightly different than winbindd, so may or may not be what the person needs.

On Thu, Dec 4, 2014 at 5:19 AM, Sven Schwedas <sven.schwedas at tao.at> wrote: > Tbh, you might get away with using PCEngines' APU boards (the successor > to their Alix boards with a massively upgraded CPU) if individual > machines don't need RAID (because everything is replicated anyway). > I considered that, but what would you use for storage?? They have an mSATA

Am 28.09.2016 um 04:01 schrieb Steve Litt via samba: > Why would ANYBODY type a command when they could perform a bunch of > mouse clicks. Better yet, you can automate Windows tools with a screen > scraper and a keyboard injector, or with a top notch language like > Powershell or Visual Basic *lol* why would ANYBODY click in a GUI when he have a console - and i mean that really

On Mon, 13 Nov 2017 15:20:05 +0100 Sven Schwedas <sven.schwedas at tao.at> wrote: > > > PS, your configs are still wrong. > > It would be *really* helpful if you explained *why*. Sprinkling magic > pixie dust over random config files isn't exactly purposeful > debugging. > Lets start with /etc/krb5.conf Samba doesn't need most of what you will find in it,

On 2017-08-24 13:00, Rowland Penny via samba wrote: > On Thu, 24 Aug 2017 12:41:36 +0200 > Sven Schwedas via samba <samba at lists.samba.org> wrote: > >> On 2017-08-24 12:27, Rowland Penny via samba wrote: >>> On Thu, 24 Aug 2017 12:03:42 +0200 >>> Sven Schwedas via samba <samba at lists.samba.org> wrote: >>> >>>> >>>>

> Keytabs look reasonable, as far as I can see, but why does > graz-dc-sem have the same SPN output as graz-dc-1b in > addition to its own? A snapshotted server/cloned server? I dont know but thats not correct. I suggest, cleanup the DS with FSMO roles. Then remove a failty server and re-add it as a new installed DC. ( the good DS with FSMO) First backup:

Today's episode of "why is AD break", brought to you by: > [2017/09/05 10:17:06.015617, 3] ../source4/auth/gensec/gensec_gssapi.c:613(gensec_gssapi_update) > Server GC/graz-dc-1b.ad.tao.at/ad.tao.at is not registered with our KDC: Miscellaneous failure (see text): Server (GC/graz-dc-1b.ad.tao.at/ad.tao.at at AD.TAO.AT) unknown > [2017/09/05 10:17:06.015717, 0]