Univention Bugzilla – Bug 41033
Set "server signing = mandatory" in smb.conf (Samba/NT)
Last modified: 2020-07-03 20:54:08 CEST
Without 'ntlm auth = no', there may still be clients not using NTLMv2. The elder original protocol version sends the password hashes across the wire, which may be observed and brute-forced easily. As far as I currently know Samba/AD DCs running 4.3.7 will default to this setting, but for member/file-servers it would be good to adjust the default too.
We should also consider setting "smb signing = required", which also appears to be default for Samba 4.3.7 AD DCs.
It's "server signing = mandatory" instead of "smb signing = required".
*** Bug 47100 has been marked as a duplicate of this bug. ***
I'm not sure about setting "server signing" explicitly to "mandatory" by default for memberservers. I think we should default to the Samba behavior.
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.