similar to: Test-ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023

Hi everyone! On 7/12/23 15:03, Samuel Wolf via samba wrote: > Any ideas what we can do/test? thanks to Stefan Metzmacher we have a working fix, it's available at the bugreport https://bugzilla.samba.org/show_bug.cgi?id=15418 We're just about to release updated SAMBA+ packages, hopefully distributions and other packagers pick up the fix quickly and ship updates. -slow -- Ralph

Where to get the patch? We are running samba 4.17.4 on debian11 . We compiled from source. Greetings Daniel -----Urspr?ngliche Nachricht----- Von: Ralph Boehme via samba [mailto:samba at lists.samba.org] Gesendet: Donnerstag, 13. Juli 2023 18:40 An: samba <samba at lists.samba.org> Betreff: Re: [Samba] Test-ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023 Hi

Hello all, https://bugzilla.samba.org/show_bug.cgi?id=15418#c20 "This could be a shortterm fix in order to behave like an unpatched windows server" What is the attack scenario of an unpatched windows server? After all Microsoft likely patched to fix an issue, the short term solution probably restores not only NLA but also the vulnerability.. I am not arguing against the fix, as the

On 7/14/23 09:41, Ralph Boehme via samba wrote: > On 7/14/23 07:42, Daniel M?ller wrote: >> Where to get the patch? >> We are running samba 4.17.4 on debian11 . We compiled from source. > > it's linked in the bugreport > > https://bugzilla.samba.org/show_bug.cgi?id=15418 > >

On 7/14/23 07:42, Daniel M?ller wrote: > Where to get the patch? > We are running samba 4.17.4 on debian11 . We compiled from source. it's linked in the bugreport https://bugzilla.samba.org/show_bug.cgi?id=15418 <https://cpaste.org/?df0494cac0063e2e#Cx69G684EBPQ71S6sAUVXSYburgV6gPyKHfPSbfmHZPJ> Hth! -slow -- Ralph Boehme, Samba Team https://samba.org/

The patch on Windows Server 2012 R2 that does the same thing as kb5028166 is KB5028228 > From: "Philippe LeCavalier" <support at plecavalier.com> > To: "Bo Kersey" <bo at vircio.com> > Cc: "samba" <samba at lists.samba.org> > Sent: Thursday, July 13, 2023 10:43:55 AM > Subject: Re: [Samba] Fwd: ComputerSecureChannel -Verbose False

On Thu, Jul 13, 2023 at 11:47?AM Bo Kersey <bo at vircio.com> wrote: > The patch on Windows Server 2012 R2 that does the same thing as kb5028166 > is KB5028228 > > > ------------------------------ > > *From: *"Philippe LeCavalier" <support at plecavalier.com> > *To: *"Bo Kersey" <bo at vircio.com> > *Cc: *"samba" <samba

13.07.2023 19:17, Adi Kriegisch wrote: > Hi! > >> I was looking at the code this morning trying to figure out how to >> reject packet with lvl2 properly, - unfortunately I don't know samba >> well enough to be able to find the place "quickly" and I got distracted >> by other things. It was my first thought when someone posted the debug >> info

Hi all, just fyi: https://lists.samba.org/archive/cifs-protocol/2023-July/004004.html Cheers! -slow -- Ralph Boehme, Samba Team https://samba.org/ SerNet Samba Team Lead https://sernet.de/en/ -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc:

Mandi! Ralph Boehme via samba In chel di` si favelave... > just fyi: > https://lists.samba.org/archive/cifs-protocol/2023-July/004004.html I see the reference from a Microsoft man on an internal ticket: TrackingID#2307130040007086 Can be plausible a client-side solution, via a registry/policy patch? Someone have some clue? Thanks. -- Il backup ? quella cosa che andava fatta

And there has been some developement... test-computersecurechannel still reports True. But now test-computersecurechannel -repair now fails with "Test-ComputerSecureChannel: Cannot reset the secure channel password for the computer account in the domain. Operation failed with the following exception: The user name or password is incorrect." test-computersecurechannel -repair

On Tue, 4 Feb 2025 15:07:30 +0200 Virgo P?rna via samba <samba at lists.samba.org> wrote: > And there has been some developement... > > test-computersecurechannel > still reports True. > But now > test-computersecurechannel -repair > now fails with > "Test-ComputerSecureChannel: Cannot reset the secure channel password > for the computer account in the

I'ma having a strange issue with Samba 4.21.3 (from debian bookworm backports) and Windows 11 24H2 Pro, where domain user can no longer log in. Error is "The username or password is incorrect". Used to work with 4.17.12 from bookworm, but I upgraded, because ever since 24H2 upgrade there were issues with passwordless authentication between domain computers, when using RDP

On 29.01.2025 17:07, Rowland Penny via samba wrote: > On Wed, 29 Jan 2025 12:27:31 +0200 > Virgo P?rna via samba <samba at lists.samba.org> wrote: > >> # FLAG_ALLOW_RENAME 0x400000 >> systemFlags: 1073741824 >> >> Although 1073741824 is 0x4000 0000, not 0x40 0000 > > Setting systemFlags to 1073741824 does allow the object to be renamed, > so that

Yes, in my opinion quite an arrogancy... This is the translation of what I got from the supporter: "Our developers have discussed and have concluded that we stand by our previous statement and define the problem as a problem of Samba AD Server (4.17.*). Although Synology is an open source product based on Samba, but we don't always stick to it and adapt our own code in many

Sebastian Neustein wrote: > I have to migrate our data from one old samba server to a new one. Due > to various reasons we had to change some settings. Now I struggle to > get the acls right. > ?Previously the acls were stored via posix and extended attributes, > now they are stored only in extended attributes With the default settings of vfs_acl_xattr samba takes posix acls

On Tue, 4 Feb 2025 13:22:46 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote: > On Tue, 4 Feb 2025 15:07:30 +0200 > Virgo P?rna via samba <samba at lists.samba.org> wrote: > > > And there has been some developement... > > > > test-computersecurechannel > > still reports True. > > But now > > test-computersecurechannel

On 31.01.2025 10:42, Virgo P?rna via samba wrote: > > ????Interesting. Different error (I'm getting invalid username/ > password), but is worth checking. PC does not have Bitlocker > fortunately. And all the VM-s I have tested are running in same Win 11 > PC. I'll try clearing TMP on next office day (currently working remotely). TPM reset did not change anything

On Mon, Aug 21, 2023 at 03:19:59PM +0200, Ralph Boehme wrote: >On 8/21/23 11:53, Jones Syue ??? via samba wrote: >>>OH - that's *really* interesting ! I wonder how it is >>>changing the SMB3+ redirector to do this ? >> >>It looks like applications could do something and give a hint to SMB3+ >>redirector, so far not quite sure how to make it, >>per

Hi Ralph > On 8/18/23 09:55, Sebastian Neustein via samba wrote: >> With the default settings of vfs_acl_xattr samba takes posix acls >> into account when delivering data - how can I activate >> "acl_xattr:ignore system acls = yes" >> without loosing the information saved in posix acls? Background: our >> future file system won't be able to support