We have just had an IT audit carried out on our SAP landscape. A critical rating was raised for Samba software installed on our Unix (AIX 6.1) servers, as the current version of Samba installed on our Unix servers(3.0.3) is out of date and has vulnerabilities which aren't considered acceptable.
We havebeen recommended to upgrade Samba to the latest stable version(4.0.7).
Our Unix boxes have AIX 6.1 installed with the latest version of Samba software certified by IBM (3.0.4). IBM do not support the latest version of Samba and only ships Samba version 3. Unless we install the latest version of Samba (4.0.7) this status will remain as critical. We use Samba to link our Central Instance (Unix) with Additional Application servers (Windows).
Has anyone experience the same issues during an IT audit? Can anyone advise us on what steps we can take to resolve the above? Is there any other software that we can use instead of Samba that is certified with SAP?
At the moment our only solution is to firewall the whole SAP Landscape, which is a hugh task.
Look forward to your suggestions
Vickie