Bug 12870 - No way to disable the NETLOGON server on the file server
Summary: No way to disable the NETLOGON server on the file server
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DCE-RPCs and pipes (show other bugs)
Version: 4.6.5
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Depends on:
Reported: 2017-07-03 04:35 UTC by Andrew Bartlett
Modified: 2017-07-16 21:35 UTC (History)
0 users

See Also:

patch for master (3.17 KB, text/plain)
2017-07-03 04:35 UTC, Andrew Bartlett
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2017-07-03 04:35:06 UTC
Created attachment 13340 [details]
patch for master

File servers should not be running the NETLOGON server or accept schannel authentication.

We had a security issue in NETLOGON a while back, which would have been avoided for most of our users if we had this protection.
Comment 1 Andrew Bartlett 2017-07-16 21:35:08 UTC
Fixed by e23e8d9ff9144dabea8738c9ab28862c5996c9a8 in master for Samba 4.7