return lp_ctx->sDefault;
}
+int lpcfg_rpc_low_port(struct loadparm_context *lp_ctx)
+{
+ return lp_ctx->globals->rpc_low_port;
+}
+
+int lpcfg_rpc_high_port(struct loadparm_context *lp_ctx)
+{
+ return lp_ctx->globals->rpc_high_port;
+}
+
/**
* Convenience routine to grab string parameters into temporary memory
* and run standard_sub_basic on them.
/* this is used to prevent lots of mallocs of size 1 */
-static const char lpcfg_string_emtpy[] = "";
+static const char lpcfg_string_empty[] = "";
/**
Free a string value.
if (s == NULL) {
return;
}
- if (*s == lpcfg_string_emtpy) {
+ if (*s == lpcfg_string_empty) {
*s = NULL;
return;
}
lpcfg_string_free(dest);
if ((src == NULL) || (*src == '\0')) {
- *dest = discard_const_p(char, lpcfg_string_emtpy);
+ *dest = discard_const_p(char, lpcfg_string_empty);
return true;
}
lpcfg_string_free(dest);
if ((src == NULL) || (*src == '\0')) {
- *dest = discard_const_p(char, lpcfg_string_emtpy);
+ *dest = discard_const_p(char, lpcfg_string_empty);
return true;
}
return true;
}
+bool handle_rpc_server_dynamic_port_range(struct loadparm_context *lp_ctx,
+ struct loadparm_service *service,
+ const char *pszParmValue,
+ char **ptr)
+{
+ int low_port = -1, high_port = -1;
+ int rc;
+
+ if (pszParmValue == NULL || pszParmValue[0] == '\0') {
+ return false;
+ }
+
+ rc = sscanf(pszParmValue, "%d - %d", &low_port, &high_port);
+ if (rc != 2) {
+ return false;
+ }
+
+ if (low_port > high_port) {
+ return false;
+ }
+
+ if (low_port < SERVER_TCP_PORT_MIN|| high_port > SERVER_TCP_PORT_MAX) {
+ return false;
+ }
+
+ lp_ctx->globals->rpc_low_port = low_port;
+ lp_ctx->globals->rpc_high_port = high_port;
+
+ return true;
+}
+
bool handle_smb2_max_credits(struct loadparm_context *lp_ctx,
struct loadparm_service *service,
const char *pszParmValue, char **ptr)
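Review bot: The `sscanf(pszParmValue, "%d - %d", ...)` parse in `handle_rpc_server_dynamic_port_range` accepts trailing text, so a value such as `49152-65535x` or `1024-2048,3000` still returns 2 and is silently applied as a valid range. Because firewall rules are usually written around this range, a mistyped setting should be rejected rather than half-parsed. Recording the consumed length closes the gap: declare `int end = 0;`, scan with `rc = sscanf(pszParmValue, "%d - %d %n", &low_port, &high_port, &end);` and test `if (rc != 2 || pszParmValue[end] != '\0') {`. `%d` also has undefined behaviour for digit strings that do not fit in an `int`, so a `strtoul`-based parse with an `ERANGE` check would be sturdier still. There is a small style slip in the bounds test as well: `SERVER_TCP_PORT_MIN||` is missing a space before the operator.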
lp_ctx->globals = talloc_zero(lp_ctx, struct loadparm_global);
/* This appears odd, but globals in s3 isn't a pointer */
lp_ctx->globals->ctx = lp_ctx->globals;
+ lp_ctx->globals->rpc_low_port = SERVER_TCP_LOW_PORT;
+ lp_ctx->globals->rpc_high_port = SERVER_TCP_HIGH_PORT;
lp_ctx->sDefault = talloc_zero(lp_ctx, struct loadparm_service);
lp_ctx->flags = talloc_zero_array(lp_ctx, unsigned int, num_parameters());
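Review bot: The default dynamic RPC port range now has two sources of truth: the two added lines write `SERVER_TCP_LOW_PORT` and `SERVER_TCP_HIGH_PORT` straight into `lp_ctx->globals`, and the defaults list further down passes the literal `"49152-65535"` for `rpc server dynamic port range`. Judging by the handler added earlier in this diff, that later call re-parses the string and overwrites both fields. The constants' values are not visible here, so if they ever differ from the literal, the effective default depends on call order and on whether the handler accepts the string. I would either drop one of the two or tie them together with a comment such as `/* must match the "rpc server dynamic port range" default set below */`. The enclosing function starts and ends outside this hunk.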
lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
- lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
+ lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
- lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "false");
+ lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
/* the winbind method for domain controllers is for both RODC
auth forwarding and for trusted domains */
lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
lpcfg_do_global_parameter(lp_ctx, "ClientLanManAuth", "False");
lpcfg_do_global_parameter(lp_ctx, "ClientNTLMv2Auth", "True");
lpcfg_do_global_parameter(lp_ctx, "LanmanAuth", "False");
- lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "True");
+ lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "False");
lpcfg_do_global_parameter(lp_ctx, "RawNTLMv2Auth", "False");
lpcfg_do_global_parameter(lp_ctx, "client use spnego principal", "False");
+ lpcfg_do_global_parameter(lp_ctx, "allow dcerpc auth level connect", "False");
+
lpcfg_do_global_parameter(lp_ctx, "UnixExtensions", "True");
lpcfg_do_global_parameter(lp_ctx, "PreferredMaster", "Auto");
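Review bot: The two authentication defaults changed in this hunk have no comment marking them as deliberate hardening: `NTLMAuth` is flipped to `False` and the new `allow dcerpc auth level connect` is set to `False`. In a long list of string defaults, a later edit could revert them unnoticed. A short comment above the pair would help, for example `/* hardened defaults: NTLMv1 and DCERPC auth level "connect" stay off unless smb.conf enables them */`. Reading `NTLMAuth = False` as "NTLMv1 off" is my understanding of the option and should be confirmed against the parameter's documentation. Installations that relied on the previous `True` default will probably see authentication failures from legacy clients after upgrading, so the change also belongs in the release notes. The enclosing function starts and ends outside this hunk.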
lpcfg_do_global_parameter(lp_ctx, "winbind sealed pipes", "True");
lpcfg_do_global_parameter(lp_ctx, "require strong key", "True");
lpcfg_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR);
- lpcfg_do_global_parameter(lp_ctx, "winbindd privileged socket directory", dyn_WINBINDD_PRIVILEGED_SOCKET_DIR);
lpcfg_do_global_parameter(lp_ctx, "ntp signd socket directory", dyn_NTP_SIGND_SOCKET_DIR);
lpcfg_do_global_parameter_var(lp_ctx, "dns update command", "%s/samba_dnsupdate", dyn_SCRIPTSBINDIR);
lpcfg_do_global_parameter_var(lp_ctx, "spn update command", "%s/samba_spnupdate", dyn_SCRIPTSBINDIR);
lpcfg_do_global_parameter(lp_ctx, "strict locking", "Auto");
+ lpcfg_do_global_parameter(lp_ctx, "strict sync", "yes");
+
lpcfg_do_global_parameter(lp_ctx, "map readonly", "yes");
lpcfg_do_global_parameter(lp_ctx, "allow trusted domains", "yes");
lpcfg_do_global_parameter(lp_ctx, "aio max threads", "100");
+ lpcfg_do_global_parameter(lp_ctx, "smb2 leases", "yes");
+
+ lpcfg_do_global_parameter(lp_ctx, "kerberos encryption types", "all");
+
+ lpcfg_do_global_parameter(lp_ctx,
+ "rpc server dynamic port range",
+ "49152-65535");
+
/* Allow modules to adjust defaults */
for (defaults_hook = defaults_hooks; defaults_hook;
defaults_hook = defaults_hook->next) {