[Samba] Printserver after latest MS updates

cn at brain-biotech.de cn at brain-biotech.de
Tue Oct 19 17:13:03 UTC 2021

Am 19.10.21 um 19:10 schrieb Jeremy Allison via samba:
> On Tue, Oct 19, 2021 at 02:37:55PM +0200, cn--- via samba wrote:
>> Hello you all,
>> Microsoft is still trying to fix the PrintNightmare bugs. And after 
>> the latest patch day we see lots of NTLMv2 auths on our printserver. 
>> And _only_ on our printserver and not on any other member servers.
>> It is not that Kerberos does not work. I can ssh into that machine 
>> using Kerberos I can connect with smbclient with kerberos. Also the 
>> logs are really spammed with those messages. And it all started after 
>> we released the last patchday updates from MS.
>> This is on RockyLinux with Samba Version 4.14.8 from Sernet. Also had 
>> the same Problem on 4.14.7. smb.conf is below.
>> Everything seems to work as expected. It just is the number of NTLMv2 
>> auths that made me look at this more closely.
> NTLM auths can happen when a machine isn't using name-based
> lookups (i.e. not using DNS names). Kerberos requires name-based
> lookups in order to get tickets. That's usually the cause of

Good hint. I'll check if somebody altered the GPO with this regard. 
However, could it also be that the MS patch changed something there 
(like talking the IP instead of a name?)



Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development

BRAIN Biotech AG
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Adriaan Moelker (Vorstandsvorsitzender), 
Lukas Linnig
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen

More information about the samba mailing list