diff options
author | Andrew Bartlett <abartlet@samba.org> | 2014-09-23 13:40:23 -0700 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2014-09-30 12:32:05 +0200 |
commit | 736098e2cf0fc63fb19525f265aff8e07cc7afba (patch) | |
tree | 375c2bed6ecdf1dfbcd35808482b6847b0ad1c4e /WHATSNEW.txt | |
parent | afe02d12f444ad9a6abf31a61f578320520263a9 (diff) | |
download | samba-736098e2cf0fc63fb19525f265aff8e07cc7afba.tar.gz |
WHATSNEW: Include info on secured winbindd connections
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'WHATSNEW.txt')
-rw-r--r-- | WHATSNEW.txt | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 0ab0561fc3b..78fc7779d3a 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -90,6 +90,21 @@ services parameter specified should ensure they change 'winbind' to The 'samba' binary still manages the starting of this service, there is no need to start the winbindd binary manually. +Winbind now requires secured connections +======================================== + +To improve protection against rouge domain controllers we now require +that when we connect to an AD DC in our forest, that the connection be +signed using SMB Signing. Set 'client signing = off' in the smb.conf +to disable. + +Also and DCE/RPC pipes must be sealed, set 'require strong key = +false' and 'winbind sealed pipes = false' to disable. + +Finally, the default for 'client ldap sasl wrapping' has been set to +'sign', to ensure the integrity of LDAP connections. Set 'client ldap +sasl wrapping = plain' to disable. + Larger IO sizes for SMB2/3 by default ===================================== |