Advanced features of Samba Active Directory

• Reinforcing the security of your Samba Active Directory domain
  • Turning off null session connections
  • Turning off NetBIOS
  • Disabling printer support
  • Turning off NTLMv1
  • Replacing the certificate with a certificate validated by your Organization
  • Generating additional password hashes
  • Protecting DNS fields wpad and isatap
  • Limiting the range of dynamic ports
  • Limiting the subnets that can do DNS recursion
  • Auditing DNS Bind queries
  • Auditing access to SYSVOL and NetLogon directories
  • Limiting kerberos cipher suites
• Applying a password strategy with Samba-AD
  • Creating a password rule for Administrators
  • Validating differentiated password strategies
• Configuring LAPS for Samba-AD
  • Changing administration rights for the correct operation of LAPS
  • Configuring the LAPS deployment GPO
  • Validating that LAPS is working properly
  • Installing LAPS on client workstations
• Resetting the krbtgt account password
  • Explanation of the concept and differences between Microsoft-AD and Samba-AD
  • Getting the KRBTGT password change script
  • Changing the KRBTGT password on a Samba-AD
• Configuring Rsyslog for Samba-AD
  • On the host to audit
  • On the host that concentrates the logs
• Configuring Fail2ban for Samba-AD
  • How do I unlock a machine after cleaning?
• Backing up and restoring a Samba domain
  • Renaming a Samba domain
• Storing Bitlocker keys in Samba Active Directory
• Auditing Samba-AD with PingCastle
• Change Domain Controler IP Address
• Deny service account open Windows session
  • Target
  • Configuration

Samba-AD and MS-AD

• Adding a Windows AD to your Samba Active Directory domain
  • Microsoft Active Directory 2012R2
• Migrating a Samba domain to a Microsoft domain
  • Presentation of the procedure
• Adding a Samba-AD in a Microsoft Active Directory domain