Revision 1.219 / (download) - annotate - [select for diffs], Tue Apr 12
17:42:09 2016 UTC (4 months, 3 weeks ago) by jca
Update to samba-4.3.6
i386 build by danj@, ok sthen@
The changelog between 4.1.23 and 4.3.6 is too big to be described here.
The point of updating now is that 4.1.x won't receive updates for the
freshly published security advisories. samba-4.3.8 will follow.
--without-acl-support \
Was introduced in the 4.3.6 update just before the big Samba security update for
CVE-2015-5370 (Multiple errors in DCE-RPC code)
CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
CVE-2016-2112 (LDAP client and server don't enforce integrity)
CVE-2016-2113 (Missing TLS certificate validation)
CVE-2016-2114 ("server signing = mandatory" not enforced)
CVE-2016-2115 (SMB IPC traffic is not integrity protected)
CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
Now to work out the implications of re-enabling it.
Ian McWilliam
________________________________________
From: owner-po...@openbsd.org [owner-po...@openbsd.org] on behalf of kasak
[ka...@kasakoff.net]
Sent: Friday, 9 September 2016 3:54 PM
Cc: ports@openbsd.org
Subject: Re: Samba as DC on OpenBSD 6.0 is unusable :(
09.09.2016 02:48, Ian McWilliam пишет:
> Have you tried
>
> vfs objects = xattr_tdb
>
> This will use a tdb database for storing extended attributes.
>
>
> Ian McWilliam
>
> ________________________________________
> From: owner-po...@openbsd.org [owner-po...@openbsd.org] on behalf of Jeremie
> Courreges-Anglas [j...@wxcvbn.org]
> Sent: Friday, 9 September 2016 7:01 AM
> To: kasak
> Cc: ports@openbsd.org
> Subject: Re: Samba as DC on OpenBSD 6.0 is unusable :(
>
> samba port maintainer here,
>
> kasak <ka...@kasakoff.net> writes:
>
>> Maybe I am doing something wrong ?
>>
>> I have tried to provision domain and got error that samba was compiled
>> without acl support.
>>
>> On some forums I found advice to use "--use-ntvfs" option when provisioning.
>>
>> But it appeared that samba-tool doesn't know about this option:
>>
>> $ doas samba-tool domain provision --use-ntvfs
>> Usage: samba-tool domain provision [options]
>>
>> samba-tool domain provision: error: no such option: --use-ntvfs
>>
>> I think this option was deprecated in new versions of samba, but i was
>> not able to find information about it.
> No idea what went wrong in the last updates. IIUC it's just a matter of
> fixing domain provisioning, which used to work fine. I'll take a look
> at this soon(tm).
>
>> So, is it really possible to use OpenBSD as a DC?
> Everything is possible, but our lack of ACLs and extended attributes
> make OpenBSD a poor choice for samba, even if upstream supports backends
> that don't suffer these limitations. From my POV, net/samba is here
> first for simple file sharing and client libraries support.
>
> --
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
>
It did not help
