CVE-2020-1472 & SMB auth
I originally filed this against OmniOSCE but was advised it would be better posted here.
MSFT is pushing a new set of requirements for authenticating.
It looks like the native auth in OmniOS (based on illumos) runs afoul of this. We have auth configured via svc:/network/shares/group:smb (joined with "smbadm join") and we're seeing our primary OmniOS SMB/CIFS file server showing up in the DC's logs with:
"The Netlogon service allowed a vulnerable Netlogon secure channel connection.
Warning: This connection will be denied once the enforcement phase is released. To better understand the enforcement phase, please visit https://go.microsoft.com/fwlink/?linkid=2133485."
(This is with the temporary "let them in anyway" configuration in place.)
Are there plans to update the service to be compliant with the tighter requirements?