12870 – No way to disable the NETLOGON server on the file server

Bug 12870 - No way to disable the NETLOGON server on the file server

Summary: No way to disable the NETLOGON server on the file server

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	DCE-RPCs and pipes (show other bugs)
Version:	4.6.5
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Andrew Bartlett
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-07-03 04:35 UTC by Andrew Bartlett
Modified:	2017-07-16 21:35 UTC (History)
CC List:	0 users

See Also:

Attachments
patch for master (3.17 KB, text/plain) 2017-07-03 04:35 UTC, Andrew Bartlett	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andrew Bartlett 2017-07-03 04:35:06 UTC

Created attachment 13340 [details]
patch for master

File servers should not be running the NETLOGON server or accept schannel authentication.

We had a security issue in NETLOGON a while back, which would have been avoided for most of our users if we had this protection.

Comment 1 Andrew Bartlett 2017-07-16 21:35:08 UTC

Fixed by e23e8d9ff9144dabea8738c9ab28862c5996c9a8 in master for Samba 4.7