Web lists-archives.com

Re: [Samba] Samba 4 account with a 'ldbmodify-ed' password does not login into domain from a Windows 7 VM




Citando Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx>:

On Wed, 2017-04-12 at 20:31 +0000, Leonardo Bruno Lopes wrote:
Dean Andrew and List,

I posted here  
 >>https://lists.samba.org/archive/samba/2017-April/207671.html<<;
that  
my problem was solved, but I have the following question:

What is the possible security issues that may come from removing
the  
'supplementalCredentials' attribute?

Thanks,
Leonardo

The KDC will no longer be able to issue AES encrypted tickets, just as
if you had just upgraded from a NT4-like/classic Samba domain.

Otherwise nothing too drastic at this time, but we might start storing
more information there in the future, which is why this is an internal
control not really intended for external use.

Hi Andrew.

My password policy forces users to change their passwords every 12 months.

So we hope soon the get this to the 'most correct use'.

Thank you so much.

Regards,
Leonardor


Andrew Bartlett

--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

--
Esta mensagem foi verificada pelo sistema de antivírus e
 acredita-se estar livre de perigo.




--
Esta mensagem foi verificada pelo sistema de antivírus e
acredita-se estar livre de perigo.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba