Bug 12870 - No way to disable the NETLOGON server on the file server
No way to disable the NETLOGON server on the file server
Status: RESOLVED FIXED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DCE-RPCs and pipes
4.6.5
All All
: P5 normal
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-03 04:35 UTC by Andrew Bartlett
Modified: 2017-07-16 21:35 UTC (History)
0 users

See Also:


Attachments
patch for master (3.17 KB, text/plain)
2017-07-03 04:35 UTC, Andrew Bartlett
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2017-07-03 04:35:06 UTC
Created attachment 13340 [details]
patch for master

File servers should not be running the NETLOGON server or accept schannel authentication.

We had a security issue in NETLOGON a while back, which would have been avoided for most of our users if we had this protection.
Comment 1 Andrew Bartlett 2017-07-16 21:35:08 UTC
Fixed by e23e8d9ff9144dabea8738c9ab28862c5996c9a8 in master for Samba 4.7