The Samba-Bugzilla – Attachment 14505 Details for
Bug 13624
STATUS_SESSION_EXPIRED error is returned unencrypted, if the request was encrypted
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Possible patches for master
tmp.diff.txt (text/plain), 1.93 KB, created by
Stefan Metzmacher
on 2018-10-01 08:47:16 UTC
(
hide
)
Description:
Possible patches for master
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2018-10-01 08:47:16 UTC
Size:
1.93 KB
patch
obsolete
>From 3aaaf3cef7a35250566eb79b8f412419af05ae66 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 12 Sep 2018 11:28:24 +0200 >Subject: [PATCH] WHATSNEW.txt: announce 4.9.0 trust improvements > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > WHATSNEW.txt | 32 ++++++++++++++++++++++++++++++++ > 1 file changed, 32 insertions(+) > >diff --git a/WHATSNEW.txt b/WHATSNEW.txt >index 07cd9f2fc061..7c71544bac71 100644 >--- a/WHATSNEW.txt >+++ b/WHATSNEW.txt >@@ -265,6 +265,38 @@ feature, currently it should be enabled from the DNS Manager tool from > Windows. Also the feature needs to have been enabled by setting the smb.conf > parameter "dns zone scavenging = yes". > >+Improved support for trusted domains (as AD DC) >+----------------------------------------------- >+ >+The support for trusted domains/forests has been further improved. >+ >+External domain trusts, as well a transitive forest trusts, >+are supported in both directions (inbound and outbound) >+for Kerberos and NTLM authentication. >+ >+The following features are new in 4.9 (compared to 4.8): >+ >+- It's now possible to add users/groups of a trusted domain >+ into domain groups. The group memberships are expanded >+ on trust boundaries. >+- foreignSecurityPrincipal objects (FPO) are now automatically >+ created when members (as SID) of a trusted domain/forest >+ are added to a group. >+- The 'samba-tool group *members' commands allow >+ members to be specified as foreign SIDs. >+ >+However there are currently still a few limitations: >+ >+- Both sides of the trust need to fully trust each other! >+- No SID filtering rules are applied at all! >+- This means DCs of domain A can grant domain admin rights >+ in domain B. >+- Selective (CROSS_ORIGANIZATION) authentication is >+ not supported. It's possible to create such a trust, >+ but the KDC and winbindd ignore them. >+- Samba can still only operate in a forest with just >+ one single domain. >+ > CTDB changes > ------------ > >-- >2.17.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=14505">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 13624
: 14505 |
14519
|
14520
|
14521