On Wed, Jul 8, 2015 at 7:11 AM, Martin Møller Skarbiniks Pedersen <[email protected]> wrote: > Hi, > 209.1 only mnetions Samba 3. > However Samba 4 was released december 2012 and all > versions 3.6.3 and below of Samba has a serious security problem.
The good news is that Samba 4's CIFS/SMB implementation is little changed from Samba 3. Just incrementing the version is good enough. All other Samba 4 features are debated, and even disabled in some cases -- e.g., Domain Controller (DC) emulation on some distributions. Some are implementing it in another way, ironically one (IPA) is one that Microsoft actually likes. E.g., segmentation of IPA (POSIX) from AD (Windows) forests, with trusts between, Samba using POSIX groups for ACLs, which are populated with external Windows Security Groups (from the AD Domains), and vice-versa -- Windows Domain Logical Groups (DLG) for ACLs on Windows servers/resources, populated with POSIX groups (from the IPA Domains). > Also I am missing the great tools swat for configuration of samba in > objective 209.1 I've gone back and forth on this, but I think any coverage of the Samba Web Administration Tool (SWAT) needs to be very limited to identification and, at most, understanding. E.g,. in the case of the latter, knowing SWAT doesn't write out lines for defaults, etc... is the most knowledge I'd attempt to cover. -- Bryan J Smith - http://www.linkedin.com/in/bjsmith _______________________________________________ lpi-examdev mailing list [email protected] http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
