mirror of
https://github.com/samba-team/samba.git
synced 2025-01-12 09:18:10 +03:00
WHATSNEW: FAST support, Claims compression, SID compression
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
parent
6844def667
commit
b9667bc29a
27
WHATSNEW.txt
27
WHATSNEW.txt
@ -98,6 +98,33 @@ samba-tool domain schemaupgrade --schema=2019
|
||||
samba-tool domain functionalprep --function-level=2016
|
||||
samba-tool domain level raise --domain-level=2016 --forest-level=2016
|
||||
|
||||
Kerberos Armoring (FAST) Support for Windows clients
|
||||
----------------------------------------------------
|
||||
|
||||
In domains where the domain controller functional level is set, as
|
||||
above, to 2012, 2012_R2 or 2016, Windows clients will, if configured
|
||||
via GPO, use FAST to protect user passwords between (in particular) a
|
||||
workstation and the KDC on the AD DC. This is a significant security
|
||||
improvement, as weak passwords in an AS-REQ are no longer available
|
||||
for offline attack.
|
||||
|
||||
Claims compression in the AD PAC
|
||||
--------------------------------
|
||||
|
||||
Samba as an AD DC will compress "AD claims" using the same compression
|
||||
algorithm as Microsoft Windows.
|
||||
|
||||
Resource SID compression in the AD PAC
|
||||
--------------------------------------
|
||||
|
||||
Samba as an AD DC will now correctly populate the various PAC group
|
||||
membership buffers, splitting global and local groups correctly.
|
||||
|
||||
Additionally, Samba marshals Resource SIDs, being local groups in the
|
||||
member server's own domain, to only consume a header and 4 bytes per
|
||||
group in the PAC, not a full-length SID worth of space each. This is
|
||||
known as "Resource SID compression".
|
||||
|
||||
New samba-tool support for silos, claims, sites and subnets.
|
||||
------------------------------------------------------------
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user