similar to: SMB data transfer performance on AD mode

On Tue, 12 Sep 2017 19:30:42 +0100 Miguel Medalha via samba <samba at lists.samba.org> wrote: > Your problem probably comes from using the AD DC as a file server. > The file server should be separated, as recommended by the Samba > team. I get close to wire speed on dedicated member servers. > > With version 4.4.2, changes in behaviour for the "server signing" and

Hi Rowland The 4.5.10 was the newest of 4.5x series on that time, but the 4.5x series is still supported isn't it ? What shares are configured unproperly or like old samba way ? ----- Original Message ----- From: "samba" <samba at lists.samba.org> To: "samba" <samba at lists.samba.org> Sent: Tuesday, September 12, 2017 3:50:56 PM Subject: Re: [Samba] SMB

>> A - I thought badlock mitigation was about encrypting SMB traffic, at least most part of it. >> And this encryption of most part of data transfer could (or should) lower performances. >> It seems I was wrong: smallest part (something like commands) are encrypted but not SMB traffic (ie file transfer). >> This for SMB protocol prior to SMB3 (which comes with windows 8).

Hi all, A - I thought badlock mitigation was about encrypting SMB traffic, at least most part of it. And this encryption of most part of data transfer could (or should) lower performances. It seems I was wrong: smallest part (something like commands) are encrypted but not SMB traffic (ie file transfer). This for SMB protocol prior to SMB3 (which comes with windows 8). B - According to what I

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2015-5370 (Multiple errors in DCE-RPC code) o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP) o CVE-2016-2111 (NETLOGON Spoofing Vulnerability) o CVE-2016-2112 (LDAP client and server don't enforce integrity) o CVE-2016-2113 (Missing TLS certificate

Release Announcements --------------------- This is a security release in order to address the following CVEs: o CVE-2015-5370 (Multiple errors in DCE-RPC code) o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP) o CVE-2016-2111 (NETLOGON Spoofing Vulnerability) o CVE-2016-2112 (LDAP client and server don't enforce integrity) o CVE-2016-2113 (Missing TLS certificate

On Fri, 21 Apr 2017 12:00:59 -0400 Eleuterio Contracampo via samba <samba at lists.samba.org> wrote: > [2017/04/21 12:47:55.219297, 0] > ../auth/gensec/gensec.c:257(gensec_verify_dcerpc_auth_level) > > Did not manage to negotiate mandetory feature SIGN for dcerpc > auth_level 6 > I think you may be running into an artefact of the badlock patches, for which Win7 will

I think the "client ip signing options" don't matter on the domain controller, since the domain controller is not functioning as a server. (If this was a samba member server, then it would matter.) You MAY want to try server signing = no On 04/25/17 12:14, Eleuterio Contracampo via samba wrote: > Just a follow-up. Still, no resolution. I've tried different

Just a follow-up. Still, no resolution. I've tried different combinations with "client ipc signing" without luck. A traffic dump shows the problem as: i) windows XP client sends a DCE/RPC SAMR command GetDomPwInfo ii) samba DC responds with DCE/RPC Fault nca_proto_error I've also tried fiddling with Local Security Policy registry values at the Win XP machine, but got nothing

Oops! I forgot the link. Sorry! https://www.samba.org/samba/history/samba-4.4.2.html

Hi, Microsoft some time ago introduced Hardened UNC Paths, and in April published the Badlock security fixes, which seem to be related to that. Samba at the same time published versions 4.4.1 (and 4.4.2). Even after reading the release notes of Samba 4.4.1 several times, I still do not know whether I must manually adjust smb.conf to be protected from these vulnerabilities. What I do know is

Thank you once again! I'll research that link, and let everyone interested know about the results. EC On Fri, Apr 21, 2017 at 12:50 PM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 21 Apr 2017 12:00:59 -0400 > Eleuterio Contracampo via samba <samba at lists.samba.org> wrote: > > > [2017/04/21 12:47:55.219297, 0] > >

ORACLE have released this patch for Solaris 10 - Samba v3.6.25: IDR152387-03 addressing CVE-2016-2118 (BADLOCK) and other CVEs for S10 SPARC Which has addressed our issue. Thanks -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Gaiseric Vandal Sent: 07 June 2016 14:51 To: samba at lists.samba.org Subject: Re: [Samba] Solaris 10 Configure failure

Do you know why Red Hat updated libtdb as part of their remediation for Badlock on Samba4? https://rhn.redhat.com/errata/RHSA-2016-0612.html On Thu, Jun 2, 2016 at 2:37 PM, Jeremy Allison <jra at samba.org> wrote: > On Thu, Jun 02, 2016 at 11:29:25AM -0500, Sam Gardner wrote: > > Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba > 3.x > > imply an

On Thu, Jun 02, 2016 at 11:29:25AM -0500, Sam Gardner wrote: > Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba 3.x > imply an upgrade to a non-vulnerable version of the tdb library? > > If so, can someone point me to any documentation on the tdb vulnerability? There were no tdb vulnerabilities in the badlock code release.

I hope that someone here can give some advice on the following: I have a Samba based Active Directory. A CentOS 7.6 machine runs as a file server and hosts the Windows user profiles for all the Windows workstations. Now management has decided that they need a Windows server for a couple of administrative applications, which need MS SQL Server. That would be the only role of this Windows.

On Tue, 2017-09-12 at 09:11 -0700, Jeremy Allison via samba wrote: > On Tue, Sep 12, 2017 at 12:52:29PM -0300, Dante Colo via samba wrote: > > Hi Everyone ! > > > > I note that all of samba AD server that i maintain are not so fast in terms of data transfer, more specifically none of them go over 40 MB/s , one particularly which i'm trying to find out why doesn't go

Thanks for your response, Rowland. Sorry for the late reply. Here is my smb.conf: [global] workgroup = grouptest1 server string = %h server (Samba NAS) dns proxy = no log file = /var/log/samba/log.%m max log size = 10000 syslog = 0 panic action = /usr/share/samba/panic-action %d server role = standalone server obey pam restrictions = yes unix password sync =

On 06/20/16 15:19, Rowland penny wrote: > On 20/06/16 19:53, Dale Schroeder wrote: >> On 06/17/2016 4:31 PM, peter lawrie wrote: >>> Hi all >>> About 18 months ago I connected 14 new Windows 7 PCs to a Centos5.1 >>> server >>> with samba3x as domain members. There are no other servers on site. >>> Today, I had to visit to connect up a PC in a

Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba 3.x imply an upgrade to a non-vulnerable version of the tdb library? If so, can someone point me to any documentation on the tdb vulnerability? Thanks, Sam