similar to: [Announce] Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) Security Releases

Hi, this is a heads-up that there will be Samba security updates on Wednesday, May 24th. Please make sure that your Samba AD DCs will be updated immediately after the release! Impacted components: o AD DC LDAP Server (CVSS 7.5, high) Cheers, Karolin -- Karolin Seeger https://samba.org/~kseeger/ Release Manager Samba Team https://samba.org Team Lead Samba SerNet https://sernet.de

Hi, this is a heads-up that there will be Samba security updates on Wednesday, May 24th. Please make sure that your Samba AD DCs will be updated immediately after the release! Impacted components: o AD DC LDAP Server (CVSS 7.5, high) Cheers, Karolin -- Karolin Seeger https://samba.org/~kseeger/ Release Manager Samba Team https://samba.org Team Lead Samba SerNet https://sernet.de

I installed a third DC today. Replication works find, but as systemctl status samba-ad-dc showed an error w.r.t. dnsupdate I was running samba_dnsupdate ?verbose. Below is the output. It looks like there are some missing DNS records, but what are potential causes of this error: dns_tkey_gssnegotiate: TKEY is unacceptable I already checked what?s listed @

I need to implement split horizon DNS, as I have just one external IP address (dynamic.lindenberg.one in external DNS) but multiple internal ones. External requests are distributed by port or using sniproxy (in particular 443), and all externally visible names are in a distinct zone then my domain, but with an additional indirection: names like backup.lindenberg.one resolve to CNAME

In installed a new DC (Samba 4.12.8 on Ubuntu 20.4) and initially everything appeared to work smoothly. Now I experience issues: DCDIAG /s:cobra.samba.lindenberg.one Directory Server Diagnosis Performing initial setup: [cobra.samba.lindenberg.one] LDAP bind failed with error 1326, The user name or password is incorrect.. With the other DC (still samba 4.11.14 on Ubuntu

Hello Samba-ers, I tried to continue my Samba setup after a long pause doing other stuff. To recall, I want to run two Samba DCs for one domain as virtual machines on two Windows systems (I switched from VirtualBox to Hyper V, which helps to run them automatically at system startup, but I don´t think that really matters). Both DCs shall use themselves as DNS server as the VPN in between is

I set up a new windows machine and joined it to my existing domain (two Samba DCs). Now it turns out there is a computer in AD, but the associated DNS A/AAAA records of the new machine are missing. I already tried to leave and rejoin, but that didn?t fix the issue. Due to the long ACL I don?t really like the idea of creating the records manually. How can I fix or diagnose that situation?

You copied the certificate file?? Am 22. Juli 2019 12:46:34 MESZ schrieb Joachim Lindenberg <samba at lindenberg.one>: >Hi Stefan, >> pls show how you fixed it >See >https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Kerberos >for the test. My fix was to take the one generated on the newer DC also >to the older one. >Joachim --

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target ????????????????? of a symlink exists. https://www.samba.org/samba/security/CVE-2021-44141.html o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target ????????????????? of a symlink exists. https://www.samba.org/samba/security/CVE-2021-44141.html o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.

Hi Rowland, i.e. we probably have to help Jeremy finding a setup that makes this reproducible. Seriously this implies it can be a difference in users, authorizations, linux, samba, or windows installation or configuration. I was testing with a user that is a domain administrator. I just tested with a non-admin-user, also crashes. My samba is 4.10.6 from Louis running on Ubuntu 18.04.2 running

On https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC#Online_DC_backup there is a comment ?you may want to specify a --configfile option so that the correct smb.conf settings get included in the backup.? Why does samba-tool not pick up the one it (or other parts of Samba) is compiled with automatically? Like `smbd -b | grep "CONFIGFILE" | sed -n -E

I figured it out myself. The kerberos configuration on the old dc cobra was bad ? no clue why it worked at all until yesterday. After fixing it, testing with kinit, and restarting the dc processes it resumed replication. Joachim Von: Joachim Lindenberg <samba at lindenberg.one> Gesendet: Friday, 19 July 2019 16:54 An: samba at lists.samba.org Betreff: replication stuck? Until

Hi Marco, anybody, > + must be 'privileged' container (no unprivileged ones) I have seen containers with and without calling for being privileged, but you never know without trying and testing carefully... Googling I found https://github.com/lxc/lxd/issues/3442#issuecomment-312560949 but I am not really clear about the conclusion. Does it really have to be privileged? Thanks & Best

On 14/11/2020 15:51, Rowland penny via samba wrote: > On 14/11/2020 12:56, Joachim Lindenberg via samba wrote: >> Sure. Here they are: >> >> root at cobra:/var/log/samba# cat /etc/apt/sources.list >> # See http://help.ubuntu.com/community/UpgradeNotes for how to >> upgrade to >> # newer versions of the distribution. >> deb

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication. https://www.samba.org/samba/security/CVE-2016-2124.html o CVE-2020-25717: A user on the domain can become root on domain members.

Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication. https://www.samba.org/samba/security/CVE-2016-2124.html o CVE-2020-25717: A user on the domain can become root on domain members.

Hello Rowland, If someone wants full_audit, will adding 'vfs objects = full_audit' on a DC also have dfs_samba4 and acl_xattr enabled just because running on a DC, or would this cause both defaults to be turned off? Thanks, Joachim -----Urspr?ngliche Nachricht----- Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland Penny via samba Gesendet: Montag, 21. August 2023

I experienced a Windows Explorer crash in https://lists.samba.org/archive/samba/2019-July/224346.html as well... Try samba-tool ntacl sysvolreset (or check first). Joachim Lindenberg -----Urspr?ngliche Nachricht----- Von: Rowland penny <rpenny at samba.org> Gesendet: Monday, 15 July 2019 10:24 An: samba at lists.samba.org Cc: Jeremy Allison <jra at samba.org> Betreff: Re: [Samba]

Hi Joachim, > Op 15 feb 2024 om 23:09 heeft Joachim Lindenberg via samba <samba at lists.samba.org> het volgende geschreven: > > ?Hi Rowland, > No, I don?t have so many devices yet. Rowland believes that one should not use IPv6 internally. Many disagree. > But I know some organizations that want to switch to IPv6 consistently and you can rephrase my question to whether