[Samba] Printserver after latest MS updates
cn at brain-biotech.de
Tue Oct 19 12:37:55 UTC 2021
Hello you all,
Microsoft is still trying to fix the PrintNightmare bugs. And after the
latest patch day we see lots of NTLMv2 auths on our printserver. And
_only_ on our printserver and not on any other member servers.
It is not that Kerberos does not work. I can ssh into that machine using
Kerberos, and I can connect with smbclient with Kerberos. Also the logs are
really spammed with those messages. And it all started after we released
the last patchday updates from MS.
This is on RockyLinux with Samba Version 4.14.8 from Sernet. Also had
the same problem on 4.14.7. smb.conf is below.
Everything seems to work as expected. It just is the number of NTLMv2
auths that made me look at this more closely.
Anyone seen something similar?
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de winbindd[1468]:
[2021/10/19 14:22:55.209081, 3]
../../auth/auth_log.c:653(log_authentication_event_human_readable)
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de winbindd[1468]: Auth:
[winbind,NTLM_AUTH, nss_winbind, 1003] user [DOMAIN-02]\[user] at [Tue,
19 Oct 2021 14:22:55.209056 CEST] with [NTLMv2] status [NT_STATUS_OK]
workstation [HOST] remote host [unix:] became [DOMAIN-02]\[user]
[S-1-5-21-XXX-XXX-XXX-xxxx]. local host [unix:]
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]: [2021/10/19
14:22:55.209404, 3]
../../auth/auth_log.c:653(log_authentication_event_human_readable)
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]: Auth:
[DCE/RPC,(null)] user [DOMAIN-02]\[user] at [Tue, 19 Oct 2021
14:22:55.209385 CEST] with [NTLMv2] status [NT_STATUS_OK] workstation
[HOST] remote host [ipv4:yyy.yyy.yyy.yyy:49949] became
[DOMAIN-02]\[user] [S-1-5-21-XXX-XXX-XXX-xxxx]. local host
[ipv4:yyy.yyy.yyy.xxxx:445]
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]: [2021/10/19
14:22:55.213366, 4]
../../auth/auth_log.c:753(log_successful_authz_event_human_readable)
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]:
Successful AuthZ: [DCE/RPC,NTLMSSP] user [DOMAIN-02]\[user]
[S-1-5-21-XXX-XXX-XXX-xxxx] at [Tue, 19 Oct 2021 14:22:55.213356 CEST]
Remote host [ipv4:yyy.yyy.yyy.yyy:49949] local host
[ipv4:yyy.yyy.yyy.xxxx:445]
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de winbindd[1468]:
[2021/10/19 14:22:55.272006, 3]
../../auth/auth_log.c:653(log_authentication_event_human_readable)
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de winbindd[1468]: Auth:
[winbind,NTLM_AUTH, nss_winbind, 1003] user [DOMAIN-02]\[user] at [Tue,
19 Oct 2021 14:22:55.271994 CEST] with [NTLMv2] status [NT_STATUS_OK]
workstation [HOST] remote host [unix:] became [DOMAIN-02]\[user]
[S-1-5-21-XXX-XXX-XXX-xxxx]. local host [unix:]
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]: [2021/10/19
14:22:55.272247, 3]
../../auth/auth_log.c:653(log_authentication_event_human_readable)
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]: Auth:
[DCE/RPC,(null)] user [DOMAIN-02]\[user] at [Tue, 19 Oct 2021
14:22:55.272236 CEST] with [NTLMv2] status [NT_STATUS_OK] workstation
[HOST] remote host [ipv4:yyy.yyy.yyy.yyy:49949] became
[DOMAIN-02]\[user] [S-1-5-21-XXX-XXX-XXX-xxxx]. local host
[ipv4:yyy.yyy.yyy.xxxx:445]
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]: [2021/10/19
14:22:55.275198, 4]
../../auth/auth_log.c:753(log_successful_authz_event_human_readable)
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]:
Successful AuthZ: [DCE/RPC,NTLMSSP] user [DOMAIN-02]\[user]
[S-1-5-21-XXX-XXX-XXX-xxxx] at [Tue, 19 Oct 2021 14:22:55.275188 CEST]
Remote host [ipv4:yyy.yyy.yyy.yyy:49949] local host
[ipv4:yyy.yyy.yyy.xxxx:445]
smb.conf
[global]
netbios name = Printserver
server string = Printserver
security = ADS
realm = HQ.DOMAIN.DE
workgroup = DOMAIN-02
max log size = 50000
disable netbios = yes
smb ports = 445
server min protocol = SMB2
client min protocol = SMB2
#log level = 4
log level = 1 auth_audit:5
logging =syslog only
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab
writeable =YES
map acl inherit = yes
store dos attributes = yes
inherit acls = Yes
username map = /etc/samba/smbusers
interfaces = lo eth0
bind interfaces only = Yes
##idmap##
# Default idmap config used for BUILTIN and local windows accounts/groups
idmap config *:backend = tdb
idmap config *:range = 1000000-2000000
# idmap config for domain DOMAIN-02
idmap config DOMAIN-02:backend = ad
idmap config DOMAIN-02:range = 500-65555
idmap config DOMAIN-02:schema_mode = rfc2307
idmap config DOMAIN-02:unix_nss_info = yes
winbind use default domain = Yes
winbind offline logon = yes
winbind refresh tickets = yes
#Printing
rpc_server:spoolss = external
rpc_daemon:spoolssd = fork
spoolss: architecture = Windows x64
[printers]
path = /var/spool/samba/
printable = yes
printing = cups
[print$]
path = /srv/samba_printer_drivers/
read only = no
--
Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development
BRAIN Biotech AG
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11
Registered office: Zwingenberg/Bergstrasse
Register court: AG Darmstadt, HRB 24758
Management Board: Adriaan Moelker (Chairman),
Lukas Linnig
Chairman of the Supervisory Board: Dr. Georg Kellinghusen
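
An added example, not part of the original post: a small parser for the "Successful AuthZ" records shown in the log above that counts sessions per service, auth type and client address, so the NTLM logins can be attributed to specific clients and to DCE/RPC versus SMB2. The sample records, addresses and user names are constructed, and the `[SMB2,krb5]` record is an assumption about how a Kerberos session is logged, since the post shows only NTLMSSP records.

```python
import re
from collections import Counter

# Human-readable "Successful AuthZ" record; \s+ tolerates mail line wraps.
AUTHZ_RE = re.compile(
    r"Successful\s+AuthZ:\s+\[(?P<service>[^,\]]+),(?P<auth>[^\]]*)\]\s+"
    r"user\s+\[(?P<domain>[^\]]*)\]\\\[(?P<user>[^\]]*)\]\s+"
    r"\[(?P<sid>[^\]]*)\]\s+at\s+\[(?P<when>[^\]]*)\]\s+"
    r"Remote\s+host\s+\[(?P<remote>[^\]]*)\]"
)

# Constructed sample; the [SMB2,krb5] record is an assumed Kerberos shape.
SAMPLE = r"""
Successful AuthZ: [DCE/RPC,NTLMSSP] user [DOMAIN-02]\[alice]
[S-1-5-21-XXX-XXX-XXX-1111] at [Tue, 19 Oct 2021 14:22:55.213356 CEST]
Remote host [ipv4:192.0.2.10:49949] local host [ipv4:192.0.2.1:445]
Successful AuthZ: [DCE/RPC,NTLMSSP] user [DOMAIN-02]\[alice]
[S-1-5-21-XXX-XXX-XXX-1111] at [Tue, 19 Oct 2021 14:22:55.275188 CEST]
Remote host [ipv4:192.0.2.10:49949] local host [ipv4:192.0.2.1:445]
Successful AuthZ: [SMB2,krb5] user [DOMAIN-02]\[alice]
[S-1-5-21-XXX-XXX-XXX-1111] at [Tue, 19 Oct 2021 14:22:56.001200 CEST]
Remote host [ipv4:192.0.2.10:49950] local host [ipv4:192.0.2.1:445]
Successful AuthZ: [DCE/RPC,NTLMSSP] user [DOMAIN-02]\[bob]
[S-1-5-21-XXX-XXX-XXX-2222] at [Tue, 19 Oct 2021 14:23:01.500000 CEST]
Remote host [ipv4:192.0.2.11:50112] local host [ipv4:192.0.2.1:445]
"""

def remote_ip(endpoint):
    # 'ipv4:192.0.2.10:49949' -> '192.0.2.10'; anything else is unchanged.
    m = re.match(r"ipv4:(.+):\d+$", endpoint)
    return m.group(1) if m else endpoint

def authz_summary(text):
    """Count sessions per (service, auth type, client address)."""
    counts = Counter()
    for m in AUTHZ_RE.finditer(text):
        counts[(m["service"], m["auth"], remote_ip(m["remote"]))] += 1
    return counts

def ntlm_clients(text):
    """Clients and services whose sessions were authenticated with NTLM."""
    hits = Counter()
    for (service, auth, ip), n in authz_summary(text).items():
        if auth.upper().startswith("NTLM"):
            hits[(ip, service)] += n
    return hits

if __name__ == "__main__":
    for (ip, service), n in ntlm_clients(SAMPLE).most_common():
        print(f"{ip:15} {service:8} NTLM sessions: {n}")
```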