samba.git/docs-xml, branch talloc-2.4.0 Unnamed repository; edit this file 'description' to name the repository. CVE-2022-38023 docs-xml/smbdotconf: The "server schannel require seal[:COMPUTERACCOUNT]" options are also honoured by s3 netlogon server. 2023-01-09T14:23:36+00:00 Samuel Cabrero scabrero@samba.org 2023-01-09T11:17:48+00:00 02fba22b8c9e9b33ab430555ef45500c45eaa9d1 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 wbinfo: Add --change-secret-at=dcname 2022-12-21T19:10:35+00:00 Ralph Boehme slow@samba.org 2022-11-22T13:40:07+00:00 52cdf1d93a24a6e5cbdf4e23a28e05971ea5adc3 Add WHATSNEW.txt entry and update wbinfo man page. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Add WHATSNEW.txt entry and update wbinfo man page.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
CVE-2022-37966 samba-tool: add 'domain trust modify' command 2022-12-13T13:07:30+00:00 Stefan Metzmacher metze@samba.org 2022-12-06T11:55:45+00:00 d1999c152acdf939b4cd7eb446dd9921d3edae29 For now it only allows the admin to modify the msDS-SupportedEncryptionTypes values. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> 
For now it only allows the admin to modify
the msDS-SupportedEncryptionTypes values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
CVE-2022-37966 param: Add support for new option "kdc supported enctypes" 2022-12-13T13:07:30+00:00 Stefan Metzmacher metze@samba.org 2022-11-29T13:13:36+00:00 36d0a495159f72633f1f41deec979095417a1727 This allows admins to disable enctypes completely if required. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
This allows admins to disable enctypes completely if required.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CVE-2022-37966 param: let "kdc default domain supportedenctypes = 0" mean the default 2022-12-13T13:07:30+00:00 Stefan Metzmacher metze@samba.org 2022-11-30T08:05:51+00:00 fa64f8fa8d92167ed15d1109af65bbb4daab4bad In order to allow better upgrades we need the default value for smb.conf to the same even if the effective default value of the software changes in future. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
In order to allow better upgrades we need the default value for smb.conf to the
same even if the effective default value of the software changes in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CVE-2022-37966 param: Add support for new option "kdc force enable rc4 weak session keys" 2022-12-13T13:07:29+00:00 Andrew Bartlett abartlet@samba.org 2022-11-18T00:44:28+00:00 ee18bc29b8ef6a3f09070507cc585467e55a1628 Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
CVE-2022-37966 param: Add support for new option "kdc default domain supportedenctypes" 2022-12-13T13:07:29+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-11-15T05:14:36+00:00 d861d4eb28bd4c091955c11669edcf867b093a6f This matches the Windows registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\KDC\DefaultDomainSupportedEncTypes BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
This matches the Windows registry key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\KDC\DefaultDomainSupportedEncTypes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
CVE-2022-37966 docs-xml/smbdotconf: "kerberos encryption types = legacy" should not be used 2022-12-13T13:07:29+00:00 Stefan Metzmacher metze@samba.org 2022-12-05T20:31:37+00:00 a4f6f51cbed53775cdfedc7eec2f28c7beb875cc BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
CVE-2022-38023 docs-xml/smbdotconf: add "server schannel require seal[:COMPUTERACCOUNT]" options 2022-12-13T13:07:29+00:00 Stefan Metzmacher metze@samba.org 2022-11-25T15:53:35+00:00 7732a4b0bde1d9f98a0371f17d22648495329470 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
CVE-2022-38023 docs-xml/smbdotconf: document "server reject md5 schannel:COMPUTERACCOUNT" 2022-12-13T13:07:29+00:00 Stefan Metzmacher metze@samba.org 2022-11-25T13:02:11+00:00 2ad302b42254e3c2800aaf11669fe2e6d55fa8a1 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>