/* this is used to prevent lots of mallocs of size 1 */
-static const char lpcfg_string_emtpy[] = "";
+static const char lpcfg_string_empty[] = "";
/**
Free a string value.
if (s == NULL) {
return;
}
- if (*s == lpcfg_string_emtpy) {
+ if (*s == lpcfg_string_empty) {
*s = NULL;
return;
}
lpcfg_string_free(dest);
if ((src == NULL) || (*src == '\0')) {
- *dest = discard_const_p(char, lpcfg_string_emtpy);
+ *dest = discard_const_p(char, lpcfg_string_empty);
return true;
}
lpcfg_string_free(dest);
if ((src == NULL) || (*src == '\0')) {
- *dest = discard_const_p(char, lpcfg_string_emtpy);
+ *dest = discard_const_p(char, lpcfg_string_empty);
return true;
}
lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
- lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
+ lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
- lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "false");
+ lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
/* the winbind method for domain controllers is for both RODC
auth forwarding and for trusted domains */
lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
lpcfg_do_global_parameter(lp_ctx, "ClientLanManAuth", "False");
lpcfg_do_global_parameter(lp_ctx, "ClientNTLMv2Auth", "True");
lpcfg_do_global_parameter(lp_ctx, "LanmanAuth", "False");
- lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "True");
+ lpcfg_do_global_parameter(lp_ctx, "NTLMAuth", "False");
lpcfg_do_global_parameter(lp_ctx, "RawNTLMv2Auth", "False");
lpcfg_do_global_parameter(lp_ctx, "client use spnego principal", "False");
+ lpcfg_do_global_parameter(lp_ctx, "allow dcerpc auth level connect", "False");
+
lpcfg_do_global_parameter(lp_ctx, "UnixExtensions", "True");
lpcfg_do_global_parameter(lp_ctx, "PreferredMaster", "Auto");
lpcfg_do_global_parameter(lp_ctx, "winbind sealed pipes", "True");
lpcfg_do_global_parameter(lp_ctx, "require strong key", "True");
lpcfg_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR);
- lpcfg_do_global_parameter(lp_ctx, "winbindd privileged socket directory", dyn_WINBINDD_PRIVILEGED_SOCKET_DIR);
lpcfg_do_global_parameter(lp_ctx, "ntp signd socket directory", dyn_NTP_SIGND_SOCKET_DIR);
lpcfg_do_global_parameter_var(lp_ctx, "dns update command", "%s/samba_dnsupdate", dyn_SCRIPTSBINDIR);
lpcfg_do_global_parameter_var(lp_ctx, "spn update command", "%s/samba_spnupdate", dyn_SCRIPTSBINDIR);
lpcfg_do_global_parameter(lp_ctx, "template homedir", "/home/%D/%U");
lpcfg_do_global_parameter(lp_ctx, "client signing", "default");
+ lpcfg_do_global_parameter(lp_ctx, "client ipc signing", "default");
lpcfg_do_global_parameter(lp_ctx, "server signing", "default");
lpcfg_do_global_parameter(lp_ctx, "use spnego", "True");
lpcfg_do_global_parameter(lp_ctx, "aio max threads", "100");
+ lpcfg_do_global_parameter(lp_ctx, "smb2 leases", "yes");
+
+ lpcfg_do_global_parameter(lp_ctx, "kerberos encryption types", "all");
+
/* Allow modules to adjust defaults */
for (defaults_hook = defaults_hooks; defaults_hook;
defaults_hook = defaults_hook->next) {
return client_ipc_max_protocol;
}
+int lpcfg_client_ipc_signing(struct loadparm_context *lp_ctx)
+{
+ int client_ipc_signing = lpcfg__client_ipc_signing(lp_ctx);
+ if (client_ipc_signing == SMB_SIGNING_DEFAULT) {
+ return SMB_SIGNING_REQUIRED;
+ }
+ return client_ipc_signing;
+}
+
bool lpcfg_server_signing_allowed(struct loadparm_context *lp_ctx, bool *mandatory)
{
bool allowed = true;
case SMB_SIGNING_DESIRED:
case SMB_SIGNING_IF_REQUIRED:
break;
- case SMB_SIGNING_DEFAULT:
case SMB_SIGNING_OFF:
allowed = false;
break;
+ case SMB_SIGNING_DEFAULT:
+ case SMB_SIGNING_IPC_DEFAULT:
+ smb_panic(__location__);
+ break;
}
return allowed;