
List:       samba
Subject:    Re: [Samba] Flooding Samba DC with random requests
From:       Julian Zielke via samba <samba () lists ! samba ! org>
Date:       2017-04-25 12:45:08
Message-ID: HE1PR07MB1179267F1B8177BCCFA70E2CC41E0 () HE1PR07MB1179 ! eurprd07 ! prod ! outlook ! com

OK, thanks for your advice.

- Julian

-----Original Message-----
From: Rowland Penny [mailto:rpenny@samba.org]
Sent: Tuesday, 25 April 2017 14:41
To: samba@lists.samba.org
Cc: Julian Zielke <jzielke@next-level-integration.com>
Subject: Re: [Samba] Flooding Samba DC with random requests

On Tue, 25 Apr 2017 12:07:35 +0000
Julian Zielke via samba <samba@lists.samba.org> wrote:

> Smb.conf on our clients:
> ==================
> #Ansible managed
> # global options
> [global]
> workgroup = NLI
> realm = NLI.LOCAL
> netbios name = xxxxxx
> server string = Samba AD Client Version %v
> security = ads
> password server = dc3.nli.local, dc4.nli.local, dc2.nli.local, dc1.nli.local, *
> server role = member server
> socket options = TCP_NODELAY SO_KEEPALIVE=4
> deadtime = 15
> 
> # winbind options
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = yes
> winbind offline logon = true
> winbind nested groups = yes
> winbind use default domain = yes
> winbind cache time = 300
> 
> winbind nss info = template
> template shell = /bin/bash
> template homedir = /home/NLI.LOCAL/%U
> 
> # local user id mapping
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> 
> # domain user id mapping
> idmap config NLI : backend = rid
> idmap config NLI : range = 10000-999999
> 
> # log configuration
> log file = /var/log/samba/log.%m
> log level = 1
> max log size = 1000
> 
> # root to domain admin mapping
> username map = /etc/samba/user.map

It is probably as Andrew has said, but I would make a few changes to the clients' smb.conf:

Remove the 'password server' line, you should allow the client to find the DC via DNS.
Remove the 'socket options' line, this really isn't required now.
Remove the 'winbind enum' lines, you definitely don't need these.

Rowland
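
A check for the three changes suggested above, as an added example that is not part of the original thread and not Samba project code. It follows the smb.conf parsing rules (parameter names ignore case and whitespace, a trailing backslash continues a line, '#' and ';' start comments); the sample input and the function names are constructed for illustration.

```python
import re

# Parameters the reply above suggests removing, with the reason it gives.
DISCOURAGED = {
    "passwordserver": "let the client find the DC via DNS",
    "socketoptions": "not required now",
    "winbindenumusers": "not needed",
    "winbindenumgroups": "not needed",
}

# Constructed sample input, not the poster's file.
SAMPLE = """\
[global]
security = ads
Password Server = dc1.example.test, \\
    dc2.example.test, *
socket options = TCP_NODELAY
# winbind enum users = yes
winbind  enum groups = yes
winbind refresh tickets = yes
"""

def normalise(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def lint(text):
    """Return (parameter, value, reason) for each flagged [global] setting."""
    findings, section = [], None
    # A line ending in a backslash continues on the next line.
    for line in text.replace("\\\n", "").splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = normalise(line[1:-1])
            continue
        name, sep, value = line.partition("=")   # only the first '=' counts
        key = normalise(name)
        if sep and section == "global" and key in DISCOURAGED:
            findings.append((key, value.strip(), DISCOURAGED[key]))
    return findings

if __name__ == "__main__":
    for key, value, reason in lint(SAMPLE):
        print(f"{key} = {value!r}: {reason}")
```

Run over a fleet's rendered smb.conf files (for example from the Ansible template output), an empty result means none of the three settings is still being deployed.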
