
Re: [Samba] 4.2.14 (or newer) support "Windows for Workgroups 3.1a"?




On Mon, Apr 30, 2018 at 07:57:32PM +0100, Rowland Penny via samba wrote:

Hello Rowland.
 
> I understand about CNC, nobody thinks about the builtin PC going
> obsolete before the machine wears out, so you end up with a machine that is
> virtually obsolete.

Exactly.

> If it does, then creating a VM to run a Unix domain member in, would be
> a good idea.

I will do it, security is never enough, however I would like to understand
better if concerns are on

the need of lowering AD DC security to permit WfWg to connect
[lanman auth = yes, server signing = disabled]

here I agree, better to let the AD DC run at full security and have a
secondary samba member run at lower

or

the danger the WfWg machines could pose to the network, thus they need to
run on a separate LAN

of course those machines aren't there for customers to "browse the internet,
open emails and download malware" - no software that connects to the outside
world is installed there

or

the danger the win 7/10 machines (that actually are there also for customers to
"browse the internet") could pose to WfWg, spreading viruses and malware to
them, thus WfWg need to run on a separate LAN

this has some fundament, I suppose WfWg TCP stack is vulnerable to every kind
of remote attacks; I doubt that modern virii still have code able to
exploit any, but of course it's possible that a malicious user, knowing that,
target those machines from the LAN


It's interesting to note that, with two samba, it's not difficult to implement
LAN separation while at the same time allow (indirectly) the Windows 7/10
machines to share files with WfWg (that's exactly what they should do), while
using Windows servers, the same thing would be much more difficult
to obtain, if even possible without recurring to third-party software.

> >         dns forwarder = 127.0.0.1
> 
> You seem to be using Bind9 for the dns server, so you don't need the
> 'dns forwarder' line, it should be in the bind configuration.

Yes, I use bind9. Thank you, I'll remove that line.

> >         force create mode = 0600
> >         force directory mode = 0700
 
> Sorry but this is a DC and all the 'force' lines etc do not work on a
> DC.

I have already read that in the past, but actually they do, I tried right now
and I confirm it.

Andrea
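
Added example, not part of the original message or of Samba: a small audit of an smb.conf `[global]` section for the two legacy settings named in the thread (`lanman auth = yes`, `server signing = disabled`). The function names, the constructed sample configs and the ERROR-on-DC / WARN-on-member split are assumptions, following the thread's suggestion to keep the AD DC at full security and confine the weakened settings to a separate member server.

```python
import re

# Legacy settings named in the thread and the values that weaken security.
# Keys are normalized the way Samba compares names: lower case, no spaces.
WEAK = {"lanmanauth": {"yes", "true", "on", "1"}, "serversigning": {"disabled"}}
DC_ROLE = "active directory domain controller"

def norm(name):
    """Samba ignores case and whitespace in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return the [global] parameters of an smb.conf as {normalized name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def audit(text):
    """List weakening settings: ERROR on an AD DC, WARN on any other role."""
    params = parse_global(text)
    on_dc = params.get("serverrole", "").lower() == DC_ROLE
    findings = []
    for key, bad in WEAK.items():
        value = params.get(key, "").lower()
        if value in bad:
            findings.append(("ERROR" if on_dc else "WARN", key, value))
    return sorted(findings)

# Constructed samples (not from the thread): the same legacy settings on a DC
# and on a separate member server.
DC_CONF = """
[global]
        server role = active directory domain controller
        Lanman Auth = Yes
        server signing = disabled
"""
MEMBER_CONF = """
[global]
        server role = member server
        lanman auth = yes
        server signing = disabled
"""
```

Calling `audit()` on the text of each server's smb.conf returns a sorted list of `(level, parameter, value)` tuples, empty when neither setting is present.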
