You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are several settings which should be enabled in samba by default - to ensure a secure samba setup.
I'll gladly make a PR - but wanted to hear how you wanted it implemented?
I was thinking these should just be part of args for samba class - with the below (safe) defaults:
server signing = mandatory
server min protocol = SMB2
tls verify peer = as_strict_as_possible
ldap server require strong auth = yes
raw NTLMv2 auth = no
several of these options are new - in centos atleast - due them being backported to fix security issues. So it might give issues with older samba servers (which will then be insecure)
The text was updated successfully, but these errors were encountered:
Hi,
As listed here:
https://access.redhat.com/articles/2243351
There are several settings which should be enabled in samba by default - to ensure a secure samba setup.
I'll gladly make a PR - but wanted to hear how you wanted it implemented?
I was thinking these should just be part of args for samba class - with the below (safe) defaults:
server signing = mandatory
server min protocol = SMB2
tls verify peer = as_strict_as_possible
ldap server require strong auth = yes
raw NTLMv2 auth = no
several of these options are new - in centos atleast - due them being backported to fix security issues. So it might give issues with older samba servers (which will then be insecure)
The text was updated successfully, but these errors were encountered: