[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Samba - letztes Sicherheitsupdate - nix W98

On Mon, Dec 17, 2007 at 11:19:38AM +0100, Peter Velan wrote:
habe soeben das Sicherheitsupdate Samba 3.0.28-1~lenny1 eingespielt.
Alles Bestens bis auf die letzte noch verbliebene W98-Kiste bei uns im
Netzwerk: Samba verweigert der W98-Kiste den Zugang.

Wenn man schon Testing benutzt, sollte man die Changelogs und Readmes studieren (apt-listchanges hilft auch weiter).
Aus /usr/share/doc/samba/NEWS.Debian.gz:

samba (3.0.27a-2) unstable; urgency=low

  * Weak authentication methods are disabled by default

    Beginning with this version, plaintext authentication is disabled for
    clients and lanman authentication is disabled for both clients and
    servers.  Lanman authentication is not needed for Windows
    NT/2000/XP/Vista, Mac OS X or Samba, but if you still have Windows
    95/98/ME clients (or servers) you may need to set lanman auth (or client
    lanman auth) to yes in your smb.conf.

    The "lanman auth = no" setting will also cause lanman password hashes to
    be deleted from smbpasswd and prevent new ones from being written, so
    that these can't be subjected to brute-force password attacks.  This
    means that re-enabling lanman auth after it has been disabled is more
    difficult; it is therefore advisable that you re-enable the option as
    soon as possible if you think you will need to support Win9x clients.

    Client support for plaintext passwords is not needed for recent Windows
    servers, and in fact this behavior change makes the Samba client behave
    in a manner consistent with all Windows clients later than Windows 98.
    However, if you need to connect to a Samba server that does not have
    encrypted password support enabled, or to another server that does not
    support NTLM authentication, you will need to set
    "client plaintext auth = yes" and "client lanman auth = yes" in smb.conf.

 -- Steve Langasek <vorlon@debian.org>  Sat, 24 Nov 2007 00:23:37 -0800

Shade and sweet water!


| Stephan Seitz                    E-Mail: Nur-Ab-Sal@gmx.de |
| PGP Public Keys: http://fsing.rootsland.net/~stse/pgp.html |

Attachment: signature.asc
Description: Digital signature

Reply to: