14955 – Disable NTLMSSP for ldap client connections (e.g. libads)

Bug 14955 - Disable NTLMSSP for ldap client connections (e.g. libads)

Summary: Disable NTLMSSP for ldap client connections (e.g. libads)

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	4.15.4
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Jule Anger
QA Contact:	Samba QA Contact

URL:	https://gitlab.com/samba-team/samba/-...
Keywords:

Depends on:
Blocks:

Reported:	2022-01-21 23:31 UTC by Stefan Metzmacher
Modified:	2022-03-15 13:25 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
patch for v4-15 (26.50 KB, patch) 2022-01-24 09:11 UTC, Pavel Filipenský	metze: review+ asn: review+	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Metzmacher 2022-01-21 23:31:19 UTC

client use kerberos = required was not enforced for libads.

Comment 1 Samba QA Contact 2022-01-22 00:28:04 UTC

This bug was referenced in samba master:

afcdb090769f6f0f66428cd29f88b0283c6bd527
49d18f2d6e8872c2b0cbe2bf3324e7057c8438f4
7785eb9b78066f6f7ee2541cf72d80fcf7411329
5f6251abf2f468b3744a96376b0e1c3bc317c738
17ea2ccdabbe935ef571e1227908d51b755707bc
eb0fa26dce77829995505f542af02e32df088cd6
9624e60e8c32de695661ae8f0fb5f8f9d836ab95
fcf225a356abb06d1205f66eb79f707c85803cb5
f03abaec2abbd22b9dc83ce4a103b1b3a2912d96
fa5413b63c8f4a20ab5b803f5cc523e0658eefc9

Comment 2 Pavel Filipenský 2022-01-24 09:11:33 UTC

Created attachment 17118 [details]
patch for v4-15

Comment 3 Andreas Schneider 2022-01-24 09:30:08 UTC

Comment on attachment 17118 [details]
patch for v4-15

LGTM

Comment 4 Andreas Schneider 2022-01-24 09:30:35 UTC

Jule, can you please apply the patchset to 4.15? Thanks!

Comment 5 Jule Anger 2022-01-26 09:56:41 UTC

Pushed to autobuild-v4-15-test.

Comment 6 Samba QA Contact 2022-01-26 11:55:22 UTC

This bug was referenced in samba v4-15-test:

3485e6ccbe528df00d3eb2ba2d91356d1389e204
953b1027c7b41b70e6f77335f978a7766cff7c8c
130cde7b7b76d766e27b2d39389e24f52be3e4a1
105e53250a972c7d1fd3f6d088a5defc53be845e
2dde53993e981d52e12fd9c36d5183c5295a1613
78d342fb604278821d81e347b04094dbcb8b053e
c3c0bf8ec7c78f451f51485a8bc78f5b13988ab8
4853125524af4cd9569ac963c4506e46c81f5c32
8f3465680073c329406a154a53ba74a95179abd8
13e621aea074e5ac23538adff03794989629f9d4

Comment 7 Jule Anger 2022-01-26 12:11:56 UTC

Closing out bug report.

Thanks!

Comment 8 Samba QA Contact 2022-03-15 13:25:38 UTC

This bug was referenced in samba v4-15-stable (Release samba-4.15.6):

3485e6ccbe528df00d3eb2ba2d91356d1389e204
953b1027c7b41b70e6f77335f978a7766cff7c8c
130cde7b7b76d766e27b2d39389e24f52be3e4a1
105e53250a972c7d1fd3f6d088a5defc53be845e
2dde53993e981d52e12fd9c36d5183c5295a1613
78d342fb604278821d81e347b04094dbcb8b053e
c3c0bf8ec7c78f451f51485a8bc78f5b13988ab8
4853125524af4cd9569ac963c4506e46c81f5c32
8f3465680073c329406a154a53ba74a95179abd8
13e621aea074e5ac23538adff03794989629f9d4