support security flaw feature fixes #21

@KlavsKlavsen

Hi,

As listed here:
https://access.redhat.com/articles/2243351

There are several settings which should be enabled in samba by default - to ensure a secure samba setup.

I'll gladly make a PR - but wanted to hear how you wanted it implemented?

I was thinking these should just be part of args for samba class - with the below (safe) defaults:
server signing = mandatory
server min protocol = SMB2
tls verify peer = as_strict_as_possible
ldap server require strong auth = yes
raw NTLMv2 auth = no

Several of these options are new - in CentOS at least - due to them being backported to fix security issues. So it might give issues with older samba servers (which will then be insecure).
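
An added example, not part of the original issue or the module's own code: a small Python check that parses the `[global]` section of an smb.conf and compares it with the five defaults proposed above, reporting each as `ok`, `missing` or `differs`. The sample configuration is constructed and the function names are hypothetical.

```python
import re
# Defaults proposed in the issue above (values copied from the post).
PROPOSED = {
    "server signing": "mandatory",
    "server min protocol": "SMB2",
    "tls verify peer": "as_strict_as_possible",
    "ldap server require strong auth": "yes",
    "raw NTLMv2 auth": "no",
}

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized_name: value} for the [global] section only."""
    params, section = {}, None
    joined = re.sub(r"\\\r?\n", "", text)  # trailing backslash continues a line
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[_norm(name)] = value.strip()  # last assignment wins
    return params

def audit(text):
    # Compare [global] with PROPOSED; returns {name: (status, actual_value)}.
    actual, report = parse_global(text), {}
    for name, want in PROPOSED.items():
        got = actual.get(_norm(name))
        status = "missing" if got is None else "ok" if got.lower() == want.lower() else "differs"
        report[name] = (status, got)
    return report

# Constructed sample smb.conf (hypothetical, not from the page).
SAMPLE = """[global]
    Server Signing = Mandatory
    server min protocol = NT1
    ; tls verify peer = as_strict_as_possible
    raw ntlmv2 auth = no
[share]
    server signing = auto
"""

if __name__ == "__main__":
    for name, (status, got) in audit(SAMPLE).items():
        print(f"{status:8} {name} = {got}")
```

`differs` only means the value is not the literal one proposed in the post, so a stricter setting (a higher minimum protocol, for instance) is reported the same way and needs a manual look.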
