[Samba] Printserver after latest MS updates

cn at brain-biotech.de cn at brain-biotech.de
Tue Oct 19 12:37:55 UTC 2021


Hello you all,
Microsoft is still trying to fix the PrintNightmare bugs. And after the 
latest patch day we see lots of NTLMv2 auths on our printserver. And 
_only_ on our printserver and not on any other member servers.

It is not that Kerberos does not work. I can ssh into that machine using 
Kerberos, and I can connect with smbclient with Kerberos. Also the logs are 
really spammed with those messages. And it all started after we released 
the last patchday updates from MS.
This is on RockyLinux with Samba Version 4.14.8 from Sernet. Also had 
the same problem on 4.14.7. smb.conf is below.
Everything seems to work as expected. It is just the number of NTLMv2 
auths that made me look at this more closely.

Anyone seen something similar?


Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de winbindd[1468]: 
[2021/10/19 14:22:55.209081,  3] 
../../auth/auth_log.c:653(log_authentication_event_human_readable)
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de winbindd[1468]:   Auth: 
[winbind,NTLM_AUTH, nss_winbind, 1003] user [DOMAIN-02]\[user] at [Tue, 
19 Oct 2021 14:22:55.209056 CEST] with [NTLMv2] status [NT_STATUS_OK] 
workstation [HOST] remote host [unix:] became [DOMAIN-02]\[user] 
[S-1-5-21-XXX-XXX-XXX-xxxx]. local host [unix:]
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]: [2021/10/19 
14:22:55.209404,  3] 
../../auth/auth_log.c:653(log_authentication_event_human_readable)
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]:   Auth: 
[DCE/RPC,(null)] user [DOMAIN-02]\[user] at [Tue, 19 Oct 2021 
14:22:55.209385 CEST] with [NTLMv2] status [NT_STATUS_OK] workstation 
[HOST] remote host [ipv4:yyy.yyy.yyy.yyy:49949] became 
[DOMAIN-02]\[user] [S-1-5-21-XXX-XXX-XXX-xxxx]. local host 
[ipv4:yyy.yyy.yyy.xxxx:445]
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]: [2021/10/19 
14:22:55.213366,  4] 
../../auth/auth_log.c:753(log_successful_authz_event_human_readable)
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]: 
Successful AuthZ: [DCE/RPC,NTLMSSP] user [DOMAIN-02]\[user] 
[S-1-5-21-XXX-XXX-XXX-xxxx] at [Tue, 19 Oct 2021 14:22:55.213356 CEST] 
Remote host [ipv4:yyy.yyy.yyy.yyy:49949] local host 
[ipv4:yyy.yyy.yyy.xxxx:445]
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de winbindd[1468]: 
[2021/10/19 14:22:55.272006,  3] 
../../auth/auth_log.c:653(log_authentication_event_human_readable)
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de winbindd[1468]:   Auth: 
[winbind,NTLM_AUTH, nss_winbind, 1003] user [DOMAIN-02]\[user] at [Tue, 
19 Oct 2021 14:22:55.271994 CEST] with [NTLMv2] status [NT_STATUS_OK] 
workstation [HOST] remote host [unix:] became [DOMAIN-02]\[user] 
[S-1-5-21-XXX-XXX-XXX-xxxx]. local host [unix:]
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]: [2021/10/19 
14:22:55.272247,  3] 
../../auth/auth_log.c:653(log_authentication_event_human_readable)
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]:   Auth: 
[DCE/RPC,(null)] user [DOMAIN-02]\[user] at [Tue, 19 Oct 2021 
14:22:55.272236 CEST] with [NTLMv2] status [NT_STATUS_OK] workstation 
[HOST] remote host [ipv4:yyy.yyy.yyy.yyy:49949] became 
[DOMAIN-02]\[user] [S-1-5-21-XXX-XXX-XXX-xxxx]. local host 
[ipv4:yyy.yyy.yyy.xxxx:445]
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]: [2021/10/19 
14:22:55.275198,  4] 
../../auth/auth_log.c:753(log_successful_authz_event_human_readable)
Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]: 
Successful AuthZ: [DCE/RPC,NTLMSSP] user [DOMAIN-02]\[user] 
[S-1-5-21-XXX-XXX-XXX-xxxx] at [Tue, 19 Oct 2021 14:22:55.275188 CEST] 
Remote host [ipv4:yyy.yyy.yyy.yyy:49949] local host 
[ipv4:yyy.yyy.yyy.xxxx:445]



smb.conf

[global]
         netbios name = Printserver
         server string = Printserver
         security = ADS
         realm = HQ.DOMAIN.DE
         workgroup = DOMAIN-02
         max log size = 50000
         disable netbios = yes
         smb ports = 445
         server min protocol = SMB2
         client min protocol = SMB2
         #log level = 4
         log level = 1 auth_audit:5
         logging =syslog only
         kerberos method = secrets and keytab
         dedicated keytab file = /etc/krb5.keytab
         writeable =YES
         map acl inherit = yes
         store dos attributes = yes
         inherit acls = Yes
         username map = /etc/samba/smbusers

         interfaces = lo eth0
         bind interfaces only = Yes
         ##idmap##
         # Default idmap config used for BUILTIN and local windows accounts/groups
         idmap config *:backend = tdb
         idmap config *:range = 1000000-2000000

         # idmap config for domain DOMAIN-02
         idmap config DOMAIN-02:backend = ad
         idmap config DOMAIN-02:range = 500-65555
         idmap config DOMAIN-02:schema_mode = rfc2307
         idmap config DOMAIN-02:unix_nss_info = yes
         winbind use default domain = Yes
         winbind offline logon = yes
         winbind refresh tickets = yes

         #Printing
         rpc_server:spoolss = external
         rpc_daemon:spoolssd = fork
         spoolss: architecture = Windows x64

[printers]
        path = /var/spool/samba/
        printable = yes
        printing = cups

[print$]
        path = /srv/samba_printer_drivers/
        read only = no

-- 
Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development

BRAIN Biotech AG
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11

Registered office: Zwingenberg/Bergstrasse
Commercial register: AG Darmstadt, HRB 24758
Management Board: Adriaan Moelker (Chairman), 
Lukas Linnig
Chairman of the Supervisory Board: Dr. Georg Kellinghusen
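
To put numbers on the NTLMv2 volume described in the post, the auth_audit lines can be tallied per service, mechanism and client. This is an added example, not code from the poster or the Samba project; the sample lines are constructed after the format quoted above, with made-up users and documentation addresses, and the `[SMB2,krb5]` line assumes Kerberos sessions show up as AuthZ events with mechanism krb5.

```python
import re
from collections import Counter

# Patterns modelled on the human-readable auth_audit lines quoted in the post.
AUTH_RE = re.compile(
    r"Auth: \[(?P<service>[^,\]]+),[^\]]*\] user \[[^\]]*\]\\\[[^\]]*\] "
    r"at \[[^\]]*\] with \[(?P<pwtype>[^\]]*)\] status \[(?P<status>[^\]]*)\] "
    r"workstation \[[^\]]*\] remote host \[(?P<remote>[^\]]*)\]")
AUTHZ_RE = re.compile(
    r"Successful AuthZ: \[(?P<service>[^,\]]+),(?P<mech>[^\]]*)\] "
    r"user \[[^\]]*\]\\\[[^\]]*\] .*?Remote host \[(?P<remote>[^\]]*)\]")

def client_of(remote):
    """Drop the ephemeral source port: 'ipv4:192.0.2.10:49949' -> '192.0.2.10'."""
    proto, _, rest = remote.partition(":")
    return rest.rsplit(":", 1)[0] if rest else proto

def summarize(lines):
    """Return (auth, authz) Counters keyed by service, type/mechanism and client."""
    auth, authz = Counter(), Counter()
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            # winbindd logs the same NTLM check with remote host [unix:];
            # skip it so each network logon is counted once (smbd's view).
            if not m["remote"].startswith("unix:"):
                key = (m["service"], m["pwtype"], m["status"], client_of(m["remote"]))
                auth[key] += 1
            continue
        m = AUTHZ_RE.search(line)
        if m:
            authz[(m["service"], m["mech"], client_of(m["remote"]))] += 1
    return auth, authz

# Constructed sample lines (unwrapped); users, hosts and SIDs are placeholders.
SAMPLE = r"""
winbindd[1468]:   Auth: [winbind,NTLM_AUTH, nss_winbind, 1003] user [DOMAIN-02]\[alice] at [Tue, 19 Oct 2021 14:22:55.209056 CEST] with [NTLMv2] status [NT_STATUS_OK] workstation [HOST1] remote host [unix:] became [DOMAIN-02]\[alice] [S-1-5-21-X-X-X-1111]. local host [unix:]
smbd[2135]:   Auth: [DCE/RPC,(null)] user [DOMAIN-02]\[alice] at [Tue, 19 Oct 2021 14:22:55.209385 CEST] with [NTLMv2] status [NT_STATUS_OK] workstation [HOST1] remote host [ipv4:192.0.2.10:49949] became [DOMAIN-02]\[alice] [S-1-5-21-X-X-X-1111]. local host [ipv4:192.0.2.1:445]
smbd[2135]:   Successful AuthZ: [DCE/RPC,NTLMSSP] user [DOMAIN-02]\[alice] [S-1-5-21-X-X-X-1111] at [Tue, 19 Oct 2021 14:22:55.213356 CEST] Remote host [ipv4:192.0.2.10:49949] local host [ipv4:192.0.2.1:445]
smbd[2135]:   Auth: [DCE/RPC,(null)] user [DOMAIN-02]\[alice] at [Tue, 19 Oct 2021 14:22:55.272236 CEST] with [NTLMv2] status [NT_STATUS_OK] workstation [HOST1] remote host [ipv4:192.0.2.10:49950] became [DOMAIN-02]\[alice] [S-1-5-21-X-X-X-1111]. local host [ipv4:192.0.2.1:445]
smbd[2135]:   Successful AuthZ: [DCE/RPC,NTLMSSP] user [DOMAIN-02]\[alice] [S-1-5-21-X-X-X-1111] at [Tue, 19 Oct 2021 14:22:55.275188 CEST] Remote host [ipv4:192.0.2.10:49950] local host [ipv4:192.0.2.1:445]
smbd[2140]:   Successful AuthZ: [SMB2,krb5] user [DOMAIN-02]\[bob] [S-1-5-21-X-X-X-2222] at [Tue, 19 Oct 2021 14:23:01.000100 CEST] Remote host [ipv4:192.0.2.11:50100] local host [ipv4:192.0.2.1:445]
"""

if __name__ == "__main__":
    auth, authz = summarize(SAMPLE.splitlines())
    for key, n in (auth + authz).most_common():
        print(n, *key)
```

On a real system, feed it unwrapped lines from the journal or syslog rather than the mail-wrapped excerpt above; a breakdown by service shows whether the NTLMv2 logons are confined to DCE/RPC (spoolss) connections while SMB2 sessions still use Kerberos.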


