samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-02-03 13:47:25 +03:00

History

Andrew Bartlett e93d73b618 docs: Explain the impact of "ntlm auth = disabled" on simple bind forwarding

An RODC will forward an LDAP Simple bind, just like any other authentication,
when the password is not present locally.

If the full DC does not support NTLMv2 authentication this forwarded password
will be rejected.  A future Samba version should prefer Kerberos or send the
plaintext, but we can not change the MS Windows behaviour, so we document this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

2022-05-02 23:15:37 +00:00

accessbasedshareenum.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

aclflaginheritedcanonicalization.xml

loadparam: add option "acl flag inherited canonicalization"

2021-05-27 19:51:57 +00:00

aclgroupcontrol.xml

manpage: corrected small typo error

2015-11-02 14:43:15 +01:00

adminusers.xml

docs:smbdotconf: change type to cmdlist where needed.

2015-07-31 01:55:32 +02:00

algorithmicridbase.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

allowdcerpcauthlevelconnect.xml

CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"

2016-04-12 19:25:28 +02:00

allowtrusteddomains.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

binddnsdir.xml

docs-xml: remove explicit "constant"

2019-11-27 10:25:37 +00:00

checkpasswordscript.xml

smbdotconf: mark "check password script" with substitution="1"

2019-11-27 10:25:34 +00:00

clientipcsigning.xml

docs-xml: Use 'desired' and 'required' for option 'client ipc signing'

2021-04-28 03:43:34 +00:00

clientlanmanauth.xml

docs: deprecate "client lanman auth"

2020-08-18 00:10:40 +00:00

clientntlmv2auth.xml

docs: deprecate "client NTLMv2 auth"

2020-08-18 00:10:40 +00:00

clientplaintextauth.xml

docs: deprecate "client plaintext auth"

2020-08-18 00:10:40 +00:00

clientprotection.xml

lib:param: Add 'client protection' config option

2021-04-28 03:43:34 +00:00

clientschannel.xml

docs-xml: deprecate "client schannel" and change the default to "yes"

2018-01-10 01:01:24 +01:00

clientsigning.xml

docs-xml: Use 'desired' and 'required' for option 'client signing'

2021-04-28 03:43:34 +00:00

clientsmbencrypt.xml

docs-xml: Add 'client smb encrypt'

2020-08-19 16:22:40 +00:00

clientsmbencryptionalgos.xml

docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values

2021-09-08 16:37:07 +00:00

clientsmbsigningalgos.xml

docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values

2021-09-08 16:37:07 +00:00

clientusekerberos.xml

lib:param: Add 'client use kerberos' config parameter

2021-04-28 03:43:34 +00:00

clientusepsnegoprincipal.xml

docs:smbdotconf: add deprecated flags where missing.

2015-07-31 01:55:31 +02:00

createmask.xml

docs:smbdotconf: change type to octal where needed

2015-07-31 01:55:32 +02:00

debugencryption.xml

docs-xml: add "debug encryption" global parm

2019-02-09 18:30:14 +01:00

dedicatedkeytabfile.xml

docs-xml: remove explicit "constant"

2019-11-27 10:25:37 +00:00

directorymask.xml

docs:smbdotconf: change type to octal where needed

2015-07-31 01:55:32 +02:00

directorysecuritymask.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

encryptpasswords.xml

docs: Deprecate "encrypt passwords = no"

2019-09-05 02:45:28 +00:00

forcecreatemode.xml

docs:smbdotconf: change type to octal where needed

2015-07-31 01:55:32 +02:00

forcedirectorymode.xml

docs:smbdotconf: change type to octal where needed

2015-07-31 01:55:32 +02:00

forcedirectorysecuritymode.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

forcegroup.xml

smbdotconf: mark "force group" with substitution="1"

2019-11-27 10:25:33 +00:00

forcesecuritymode.xml

Documentation fixes for bug #9462 - Users can not be given write permissions any more by default

2012-12-05 16:35:07 -08:00

forceunknownacluser.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

forceuser.xml

smbdotconf: mark "force user" with substitution="1"

2019-11-27 10:25:33 +00:00

guestaccount.xml

docs-xml: remove explicit "constant"

2019-11-27 10:25:37 +00:00

guestok.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

guestonly.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

hostsallow.xml

docs-xml: Update documentation for removal of NIS support

2021-04-22 17:57:30 +00:00

hostsdeny.xml

docs:smbdotconf: change type to cmdlist where needed.

2015-07-31 01:55:32 +02:00

inheritacls.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

inheritowner.xml

smbd: add an option to inherit only the UNIX owner

2016-08-10 08:18:17 +02:00

inheritpermissions.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

invalidusers.xml

docs-xml: Update documentation for removal of NIS support

2021-04-22 17:57:30 +00:00

kdcenablefast.xml

docs-xml: add 'kdc enable fast' option

2022-03-11 17:10:29 +00:00

kerberosencryptiontypes.xml

Correct "encyption" typos.

2017-02-22 08:26:23 +01:00

kerberosmethod.xml

docs:smbdotconf: add enumlist property to parameters where missing

2015-07-31 01:55:29 +02:00

kpasswdport.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

krb5port.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

lanmanauth.xml

s4-auth: Remove last traces of LanMan authentiation support in the AD DC.

2022-03-29 03:32:57 +00:00

lognttokencommand.xml

smbdotconf: mark "log nt token command" with substitution="1"

2019-11-27 10:25:35 +00:00

maptoguest.xml

docs:smbdotconf: add enumlist property to parameters where missing

2015-07-31 01:55:29 +02:00

mindomainuid.xml

CVE-2020-25717: loadparm: Add new parameter "min domain uid"

2021-11-09 19:45:32 +00:00

mitkdccommand.xml

docs-xml: remove SWAT specific flags

2019-11-27 10:25:37 +00:00

ntlmauth.xml

docs: Explain the impact of "ntlm auth = disabled" on simple bind forwarding

2022-05-02 23:15:37 +00:00

ntpsigndsocketdirectory.xml

docs-xml: remove explicit "constant"

2019-11-27 10:25:37 +00:00

nullpasswords.xml

docs:smbdotconf: add deprecated flags where missing.

2015-07-31 01:55:31 +02:00

obeypamrestrictions.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

oldpasswordallowedperiod.xml

docs:smbdotconf: fix a typo in oldpasswordallowedperiod.xml

2020-12-17 13:59:37 +00:00

pampasswordchange.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

passdbbackend.xml

docs-xml: remove explicit "constant"

2019-11-27 10:25:37 +00:00

passdbexpandexplicit.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

passwdchat.xml

docs-xml: Update documentation for removal of NIS support

2021-04-22 17:57:30 +00:00

passwdchatdebug.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

passwdchattimeout.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

passwdprogram.xml

smbdotconf: mark "passwd program" with substitution="1"

2019-11-27 10:25:35 +00:00

passwordhashgpgkeyids.xml

docs-xml/smbdotconf: add "password hash gpg key ids" option

2016-07-22 16:03:27 +02:00

passwordhashuserpasswordschemes.xml

docs: configuration options for extra password hashes

2017-05-25 02:25:12 +02:00

passwordserver.xml

docs-xml: remove explicit "constant"

2019-11-27 10:25:37 +00:00

preloadmodules.xml

docs:smbdotconf: change type to cmdlist where needed.

2015-07-31 01:55:32 +02:00

privatedir.xml

docs-xml: remove explicit "constant"

2019-11-27 10:25:37 +00:00

rawntlmv2auth.xml

docs: deprecate "raw NTLMv2 auth"

2020-08-18 00:10:40 +00:00

readlist.xml

docs:smbdotconf: change type to cmdlist where needed.

2015-07-31 01:55:32 +02:00

readonly.xml

docs:smbdotconf: 'write ok' is a synonym of 'writeable' not of 'read only'

2015-07-31 01:55:31 +02:00

renameuserscript.xml

smbdotconf: mark "rename user script" with substitution="1"

2019-11-27 10:25:36 +00:00

restrictanonymous.xml

docs-xml: Update documentation for 'restrict anonymous' option

2019-02-07 17:23:18 +01:00

rootdirectory.xml

smbdotconf: mark "root directory" with substitution="1"

2019-11-27 10:25:36 +00:00

sambakcccommand.xml

docs:smbdotconf: change type to cmdlist where needed.

2015-07-31 01:55:32 +02:00

security.xml

remove duplicate lines from 'man smb.conf'

2016-09-21 17:18:46 +02:00

securitymask.xml

Documentation fixes for bug #9462 - Users can not be given write permissions any more by default

2012-12-05 16:35:07 -08:00

serverrole.xml

CVE-2020-25717: Add FreeIPA domain controller role

2021-11-09 19:45:33 +00:00

serverschannel.xml

CVE-2020-1472(ZeroLogon): docs-xml: document 'server require schannel:COMPUTERACCOUNT'

2020-09-18 12:48:39 +00:00

serversigning.xml

CVE-2016-2114: docs-xml: let the "smb signing" documentation reflect the reality

2016-04-12 19:25:26 +02:00

serversmbencrypt.xml

param: Create and use enum_smb_encryption_vals

2020-08-19 16:22:40 +00:00

serversmbencryptionalgos.xml

docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values

2021-09-08 16:37:07 +00:00

serversmbsigningalgos.xml

docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values

2021-09-08 16:37:07 +00:00

smbencrypt.xml

param: Create and use enum_smb_encryption_vals

2020-08-19 16:22:40 +00:00

smbpasswdfile.xml

docs-xml: remove explicit "constant"

2019-11-27 10:25:37 +00:00

tlscafile.xml

docs-xml: remove explicit "constant"

2019-11-27 10:25:37 +00:00

tlscertfile.xml

docs-xml: remove explicit "constant"

2019-11-27 10:25:37 +00:00

tlscrlfile.xml

docs-xml: remove explicit "constant"

2019-11-27 10:25:37 +00:00

tlsdhparamsfile.xml

docs-xml: remove explicit "constant"

2019-11-27 10:25:37 +00:00

tlsenabled.xml

docs:smbdotconf: remove swat-specific flags.

2015-05-02 00:56:31 +02:00

tlskeyfile.xml

docs-xml: remove explicit "constant"

2019-11-27 10:25:37 +00:00

tlspriority.xml

tls: Use NORMAL:-VERS-SSL3.0 as the default configuration

2020-07-01 14:56:33 +00:00

tlsverifypeer.xml

CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"

2016-04-12 19:25:25 +02:00

unixpasswordsync.xml

docs-xml/smbdotconf: reference "unix password sync" with "password hash gpg key ids"

2016-07-22 16:03:27 +02:00

usernamelevel.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

usernamemap.xml

docs-xml: Update documentation for removal of NIS support

2021-04-22 17:57:30 +00:00

usernamemapcachetime.xml

docs:smbdotconf: make formatting of headers uniform.

2015-07-31 01:55:29 +02:00

usernamemapscript.xml

smb.conf.5: Fix a typo for "username map script"

2021-11-11 19:08:37 +00:00

validusers.xml

docs-xml: Update documentation for removal of NIS support

2021-04-22 17:57:30 +00:00

writeable.xml

docs:smbdotconf: 'write ok' is a synonym of 'writeable' not of 'read only'

2015-07-31 01:55:31 +02:00

writelist.xml

docs:smbdotconf: change type to cmdlist where needed.

2015-07-31 01:55:32 +02:00