[Samba] Printserver after latest MS updates
Jeremy Allison
jra at samba.org
Tue Oct 19 17:16:31 UTC 2021
On Tue, Oct 19, 2021 at 07:13:03PM +0200, cn--- via samba wrote:
>Am 19.10.21 um 19:10 schrieb Jeremy Allison via samba:
>>On Tue, Oct 19, 2021 at 02:37:55PM +0200, cn--- via samba wrote:
>>>Hello you all,
>>>Microsoft is still trying to fix the PrintNightmare bugs. And
>>>after the latest patch day we see lots of NTLMv2 auths on our
>>>printserver. And _only_ on our printserver and not on any other
>>>member servers.
>>>
>>>It is not that Kerberos does not work. I can ssh into that machine
>>>using Kerberos I can connect with smbclient with kerberos. Also
>>>the logs are really spammed with those messages. And it all
>>>started after we released the last patchday updates from MS.
>>>This is on RockyLinux with Samba Version 4.14.8 from Sernet. Also
>>>had the same Problem on 4.14.7. smb.conf is below.
>>>Everything seems to work as expected. It just is the number of
>>>NTLMv2 auths that made me look at this more closely.
>>
>>NTLM auths can happen when a machine isn't using name-based
>>lookups (i.e. not using DNS names). Kerberos requires name-based
>>lookups in order to get tickets. That's usually the cause of
>>NTLM.
>
>Good hint. I'll check if somebody altered the GPO with this regard.
>However, could it also be that the MS patch changed something there
>(like talking the IP instead of a name?)
That is *extremely* unlikely. Many organizations ban the use
of NTLM and require kerberos, so that would get Windows de-certified
in many places. So no, I doubt that very much :-).
More information about the samba
mailing list