[Samba] Printserver after latest MS updates
Ingo Asche
foren at asche-rz.de
Tue Oct 19 14:02:10 UTC 2021
Same here...
Have set up one of my DCs new with the packages from Louis. This DC is
also my print server. Thought at first I made an error but yesterday I
found this:
https://www.bleepingcomputer.com/news/microsoft/new-windows-10-kb5006670-update-breaks-network-printing/
Taht's excatly the error I'm getting. But I couldn't check this with
uninstallting the last Windows patch until now.
Regards
Ingo
cn--- via samba schrieb am 19.10.2021 um 14:37:
> Hello you all,
> Microsoft is still trying to fix the PrintNightmare bugs. And after
> the latest patch day we see lots of NTLMv2 auths on our printserver.
> And _only_ on our printserver and not on any other member servers.
>
> It is not that Kerberos does not work. I can ssh into that machine
> using Kerberos I can connect with smbclient with kerberos. Also the
> logs are really spammed with those messages. And it all started after
> we released the last patchday updates from MS.
> This is on RockyLinux with Samba Version 4.14.8 from Sernet. Also had
> the same Problem on 4.14.7. smb.conf is below.
> Everything seems to work as expected. It just is the number of NTLMv2
> auths that made me look at this more closely.
>
> Anyone seen something similar?
>
>
> Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de winbindd[1468]:
> [2021/10/19 14:22:55.209081, 3]
> ../../auth/auth_log.c:653(log_authentication_event_human_readable)
> Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de winbindd[1468]: Auth:
> [winbind,NTLM_AUTH, nss_winbind, 1003] user [DOMAIN-02]\[user] at
> [Tue, 19 Oct 2021 14:22:55.209056 CEST] with [NTLMv2] status
> [NT_STATUS_OK] workstation [HOST] remote host [unix:] became
> [DOMAIN-02]\[user] [S-1-5-21-XXX-XXX-XXX-xxxx]. local host [unix:]
> Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]:
> [2021/10/19 14:22:55.209404, 3]
> ../../auth/auth_log.c:653(log_authentication_event_human_readable)
> Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]: Auth:
> [DCE/RPC,(null)] user [DOMAIN-02]\[user] at [Tue, 19 Oct 2021
> 14:22:55.209385 CEST] with [NTLMv2] status [NT_STATUS_OK] workstation
> [HOST] remote host [ipv4:yyy.yyy.yyy.yyy:49949] became
> [DOMAIN-02]\[user] [S-1-5-21-XXX-XXX-XXX-xxxx]. local host
> [ipv4:yyy.yyy.yyy.xxxx:445]
> Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]:
> [2021/10/19 14:22:55.213366, 4]
> ../../auth/auth_log.c:753(log_successful_authz_event_human_readable)
> Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]:
> Successful AuthZ: [DCE/RPC,NTLMSSP] user [DOMAIN-02]\[user]
> [S-1-5-21-XXX-XXX-XXX-xxxx] at [Tue, 19 Oct 2021 14:22:55.213356 CEST]
> Remote host [ipv4:yyy.yyy.yyy.yyy:49949] local host
> [ipv4:yyy.yyy.yyy.xxxx:445]
> Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de winbindd[1468]:
> [2021/10/19 14:22:55.272006, 3]
> ../../auth/auth_log.c:653(log_authentication_event_human_readable)
> Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de winbindd[1468]: Auth:
> [winbind,NTLM_AUTH, nss_winbind, 1003] user [DOMAIN-02]\[user] at
> [Tue, 19 Oct 2021 14:22:55.271994 CEST] with [NTLMv2] status
> [NT_STATUS_OK] workstation [HOST] remote host [unix:] became
> [DOMAIN-02]\[user] [S-1-5-21-XXX-XXX-XXX-xxxx]. local host [unix:]
> Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]:
> [2021/10/19 14:22:55.272247, 3]
> ../../auth/auth_log.c:653(log_authentication_event_human_readable)
> Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]: Auth:
> [DCE/RPC,(null)] user [DOMAIN-02]\[user] at [Tue, 19 Oct 2021
> 14:22:55.272236 CEST] with [NTLMv2] status [NT_STATUS_OK] workstation
> [HOST] remote host [ipv4:yyy.yyy.yyy.yyy:49949] became
> [DOMAIN-02]\[user] [S-1-5-21-XXX-XXX-XXX-xxxx]. local host
> [ipv4:yyy.yyy.yyy.xxxx:445]
> Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]:
> [2021/10/19 14:22:55.275198, 4]
> ../../auth/auth_log.c:753(log_successful_authz_event_human_readable)
> Okt 19 14:22:55 printserver.hq.DOMAIN-biotech.de smbd[2135]:
> Successful AuthZ: [DCE/RPC,NTLMSSP] user [DOMAIN-02]\[user]
> [S-1-5-21-XXX-XXX-XXX-xxxx] at [Tue, 19 Oct 2021 14:22:55.275188 CEST]
> Remote host [ipv4:yyy.yyy.yyy.yyy:49949] local host
> [ipv4:yyy.yyy.yyy.xxxx:445]
>
>
>
> smb.conf
>
> [global]
> netbios name = Printserver
> server string = Printserver
> security = ADS
> realm = HQ.DOMAIN.DE
> workgroup = DOMAIN-02
> max log size = 50000
> disable netbios = yes
> smb ports = 445
> server min protocol = SMB2
> client min protocol = SMB2
> #log level = 4
> log level = 1 auth_audit:5
> logging =syslog only
> kerberos method = secrets and keytab
> dedicated keytab file = /etc/krb5.keytab
> writeable =YES
> map acl inherit = yes
> store dos attributes = yes
> inherit acls = Yes
> username map = /etc/samba/smbusers
>
> interfaces = lo eth0
> bind interfaces only = Yes
> ##idmap##
> # Default idmap config used for BUILTIN and local windows
> accounts/groups
> idmap config *:backend = tdb
> idmap config *:range = 1000000-2000000
>
> # idmap config for domain DOMAIN-02
> idmap config DOMAIN-02:backend = ad
> idmap config DOMAIN-02:range = 500-65555
> idmap config DOMAIN-02:schema_mode = rfc2307
> idmap config DOMAIN-02:unix_nss_info = yes
> winbind use default domain = Yes
> winbind offline logon = yes
> winbind refresh tickets = yes
>
> #Printing
> rpc_server:spoolss = external
> rpc_daemon:spoolssd = fork
> spoolss: architecture = Windows x64
>
> [printers]
> path = /var/spool/samba/
> printable = yes
> printing = cups
>
> [print$]
> path = /srv/samba_printer_drivers/
> read only = no
>
More information about the samba
mailing list