similar to: Test-ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023

Hi everyone! On 7/12/23 15:03, Samuel Wolf via samba wrote: > Any ideas what we can do/test? thanks to Stefan Metzmacher we have a working fix, it's available at the bugreport https://bugzilla.samba.org/show_bug.cgi?id=15418 We're just about to release updated SAMBA+ packages, hopefully distributions and other packagers pick up the fix quickly and ship updates. -slow -- Ralph

Where to get the patch? We are running samba 4.17.4 on debian11 . We compiled from source. Greetings Daniel -----Urspr?ngliche Nachricht----- Von: Ralph Boehme via samba [mailto:samba at lists.samba.org] Gesendet: Donnerstag, 13. Juli 2023 18:40 An: samba <samba at lists.samba.org> Betreff: Re: [Samba] Test-ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023 Hi

Hello all, https://bugzilla.samba.org/show_bug.cgi?id=15418#c20 "This could be a shortterm fix in order to behave like an unpatched windows server" What is the attack scenario of an unpatched windows server? After all Microsoft likely patched to fix an issue, the short term solution probably restores not only NLA but also the vulnerability.. I am not arguing against the fix, as the

On 7/14/23 09:41, Ralph Boehme via samba wrote: > On 7/14/23 07:42, Daniel M?ller wrote: >> Where to get the patch? >> We are running samba 4.17.4 on debian11 . We compiled from source. > > it's linked in the bugreport > > https://bugzilla.samba.org/show_bug.cgi?id=15418 > >

On 7/14/23 07:42, Daniel M?ller wrote: > Where to get the patch? > We are running samba 4.17.4 on debian11 . We compiled from source. it's linked in the bugreport https://bugzilla.samba.org/show_bug.cgi?id=15418 <https://cpaste.org/?df0494cac0063e2e#Cx69G684EBPQ71S6sAUVXSYburgV6gPyKHfPSbfmHZPJ> Hth! -slow -- Ralph Boehme, Samba Team https://samba.org/

The patch on Windows Server 2012 R2 that does the same thing as kb5028166 is KB5028228 > From: "Philippe LeCavalier" <support at plecavalier.com> > To: "Bo Kersey" <bo at vircio.com> > Cc: "samba" <samba at lists.samba.org> > Sent: Thursday, July 13, 2023 10:43:55 AM > Subject: Re: [Samba] Fwd: ComputerSecureChannel -Verbose False

On Thu, Jul 13, 2023 at 11:47?AM Bo Kersey <bo at vircio.com> wrote: > The patch on Windows Server 2012 R2 that does the same thing as kb5028166 > is KB5028228 > > > ------------------------------ > > *From: *"Philippe LeCavalier" <support at plecavalier.com> > *To: *"Bo Kersey" <bo at vircio.com> > *Cc: *"samba" <samba

13.07.2023 19:17, Adi Kriegisch wrote: > Hi! > >> I was looking at the code this morning trying to figure out how to >> reject packet with lvl2 properly, - unfortunately I don't know samba >> well enough to be able to find the place "quickly" and I got distracted >> by other things. It was my first thought when someone posted the debug >> info

Hi all, just fyi: https://lists.samba.org/archive/cifs-protocol/2023-July/004004.html Cheers! -slow -- Ralph Boehme, Samba Team https://samba.org/ SerNet Samba Team Lead https://sernet.de/en/ -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc:

Mandi! Ralph Boehme via samba In chel di` si favelave... > just fyi: > https://lists.samba.org/archive/cifs-protocol/2023-July/004004.html I see the reference from a Microsoft man on an internal ticket: TrackingID#2307130040007086 Can be plausible a client-side solution, via a registry/policy patch? Someone have some clue? Thanks. -- Il backup ? quella cosa che andava fatta

Yes, in my opinion quite an arrogancy... This is the translation of what I got from the supporter: "Our developers have discussed and have concluded that we stand by our previous statement and define the problem as a problem of Samba AD Server (4.17.*). Although Synology is an open source product based on Samba, but we don't always stick to it and adapt our own code in many

Sebastian Neustein wrote: > I have to migrate our data from one old samba server to a new one. Due > to various reasons we had to change some settings. Now I struggle to > get the acls right. > ?Previously the acls were stored via posix and extended attributes, > now they are stored only in extended attributes With the default settings of vfs_acl_xattr samba takes posix acls

On Mon, Aug 21, 2023 at 03:19:59PM +0200, Ralph Boehme wrote: >On 8/21/23 11:53, Jones Syue ??? via samba wrote: >>>OH - that's *really* interesting ! I wonder how it is >>>changing the SMB3+ redirector to do this ? >> >>It looks like applications could do something and give a hint to SMB3+ >>redirector, so far not quite sure how to make it, >>per

Hi Ralph > On 8/18/23 09:55, Sebastian Neustein via samba wrote: >> With the default settings of vfs_acl_xattr samba takes posix acls >> into account when delivering data - how can I activate >> "acl_xattr:ignore system acls = yes" >> without loosing the information saved in posix acls? Background: our >> future file system won't be able to support

Hello Jeremy, > OH - that's *really* interesting ! I wonder how it is > changing the SMB3+ redirector to do this ? It looks like applications could do something and give a hint to SMB3+ redirector, so far not quite sure how to make it, per process monitor (procmon) could show that write I/O size seems could be pass from the application layers,

Hi, I'm running Samba Active Directory 4.16.9 with packages from Sernet. Domain members are Linux servers (Ubuntu 20.04, RHEL 8) with Sernet Samba 4.16.x. I'm getting crazy with group memberships syncing from AD to Linux members. It is completely random as when changes in AD group are visible in Linux OS (or more precise: winbind), it might take minutes, hours or days as when these

Hello Ralph, Thanks for that hint about case sensitivity's performance penalty. For clarifaction: The user is doing mainly reads, so does the "create" you mention also cover opening/reading files? If only _creation_ of files is suffering from that we probably have some other/further performance issue. We have gpfs, which does not offer a case-insensitive mode, neither does the

Hi, all, I set smb2 max credits = 70 in smb.conf, but I find more than 200 read requests were sent to server in 3 seconds, and has no response during this period. Each read request's read len is 2MB, and they share the same "credit charge: 32". I want to restrict the read request number outstanding at the same time, i.e. client only send read request max to {max credits} before

On Sat, 2023-03-11 at 07:38 +0100, Ralph Boehme wrote: > On 3/11/23 04:33, Andrew Bartlett via samba wrote: > > On Fri, 2023-03-10 at 13:06 -0800, Ray Klassen via samba wrote: > > > I'm very interested in this. Can one of the devs elaborate on what has been > > > accomplished with this? Specifically, I'd like to know if the support is > > > bidirectional

Hi all! The 22nd International User and Developer Conference sambaXP will take place from 9th - 11th of May 2020 in G?ttingen, Germany. https://sambaxp.org/ New for this year's event: the Microsoft Interoperability Track on day 2. Looking forward to meet you there! -slow -- Ralph Boehme, Samba Team https://samba.org/ SerNet Samba Team Lead