Errata overview
Errata ID 419
Date 2016-04-12
Source package univention-samba4
Fixed in version 3.0.39-40.663.201604081315
This update sets the new smb.conf option 'ldap server require strong auth'
to 'allow_sasl_over_tls'. Additionally it configures 'tls verify peer' to

The raised security requirements of Samba server components may require
config adjustments for older clients. Univention Corporate Client (UCC) 1.0
running a Linux kernel version prior to 3.8 for example require an adjustment
of the mount.cifs options. In that case the value for mount option "sec"
needs to be adjusted to "ntlmsspi", e.g. by setting

ucr set ucc/mount/cifshome/options="serverino,sec=ntlmsspi"

UCC 2.x clients (i.e. Linux kernel above 3.8) don't require this adjustment.
Additional notes
UCS Bug number #40990