[Samba] Printserver after latest MS updates

cn at brain-biotech.de cn at brain-biotech.de
Mon Oct 25 11:51:58 UTC 2021 

Am 25.10.21 um 13:47 schrieb Achim Gottinger via samba:
> 
> 
> Am 25.10.2021 um 11:14 schrieb L.P.H. van Belle via samba:
>>> Hello Christian and Louis,
>>>
>>> I assume both of you use domain accounts for testing.
>> Yes, that is correct.
>>
>>> Does  printing and connecting new printers also work with local non
>>> domain accounts?
>> I dont have any "none domain" accounts here.
>>
>>> Here this (local account printing) works
>>> with Windows 11 but not with Windows 10 LTSC ( I assume
>>> windows server 2019 will be affected as well). I did not
>>> release the Oktober Update on our WSUS servers here, but last
>>> Friday an work colleague called because he could no longer
>>> print to the office from his home office pc (Windows 10 Pro,
>>> local account). Afterwards I started testing and posted
>>> results here a few days ago for comparison.
>> I do have 2 windows 11 pc's currenlty these also work as far i know.
>> I'll let that user print some for me.
>> All windows 10 versions i have running are 2004 or up.
>>
> Thank you for the reply.
> For sake of completeness I tried it with Windows Server 2019 Version 1809 Update 2021-10 installed.
> Again no issues with domain accounts but with an local administrator if i try to connect an printer an credential window pops up and after entering domain credentials again an dialog pops up saying
> the account is not allowed to install/access this printer.
> So only Windows 11 seems to work with local accounts. The collegue first having the problem here uses  Windows 10 21H2.
> 
> This is the log (level 2) with when I connect to a printer (debian stretch samba 4.10) from server 2019 logged in with an domain account. Seems to be all kerberos here.
> 
> Okt 25 11:39:57 ad-test smbd[57830]: [2021/10/25 11:39:57.715406,  4] ../../auth/auth_log.c:751(log_successful_authz_event_human_readable)
> Okt 25 11:39:57 ad-test smbd[57830]:   Successful AuthZ: [spoolss,ncacn_np] user [TEST]\[Administrator] [S-1-5-21-XXX-500] at [Mo, 25 Okt 2021 11:39:57.715385 UTC] Remote host [ipv4:192....:50475]
> local host [ipv4:192....:445]
> Okt 25 11:39:57 ad-test smbd[57830]: [2021/10/25 11:39:57.814763,  4] ../../auth/auth_log.c:751(log_successful_authz_event_human_readable)
> Okt 25 11:39:57 ad-test smbd[57830]:   Successful AuthZ: [spoolss,ncacn_np] user [TEST]\[Administrator] [S-1-5-21-XXX-500] at [Mo, 25 Okt 2021 11:39:57.814742 UTC] Remote host [ipv4:192....:50475]
> local host [ipv4:192....:445]
> Okt 25 11:39:57 ad-test smbd[57830]: [2021/10/25 11:39:57.914702,  4] ../../auth/auth_log.c:751(log_successful_authz_event_human_readable)
> Okt 25 11:39:57 ad-test smbd[57830]:   Successful AuthZ: [spoolss,ncacn_np] user [TEST]\[Administrator] [S-1-5-21-XXX-500] at [Mo, 25 Okt 2021 11:39:57.914680 UTC] Remote host [ipv4:192....:50475]
> local host [ipv4:192....:445]
> Okt 25 11:39:58 ad-test smbd[57830]: [2021/10/25 11:39:58.020295,  4] ../../auth/auth_log.c:751(log_successful_authz_event_human_readable)
> Okt 25 11:39:58 ad-test smbd[57830]:   Successful AuthZ: [spoolss,ncacn_np] user [TEST]\[Administrator] [S-1-5-21-XXX-500] at [Mo, 25 Okt 2021 11:39:58.020273 UTC] Remote host [ipv4:192....:50475]
> local host [ipv4:192....:445]
> 
> Same test environment local account not working printer connect attempt:
> 
> Okt 25 11:43:16 ad-test smbd[57852]: [2021/10/25 11:43:16.553308,  2] ../../auth/auth_log.c:647(log_authentication_event_human_readable)
> Okt 25 11:43:16 ad-test smbd[57852]:   Auth: [SMB2,NTLMSSP] user [S2019-TEST]\[Administrator] at [Mo, 25 Okt 2021 11:43:16.553281 UTC] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation
> [S2019-TEST] remote host [ipv4:192....:59221] mapped to [S2019-TEST]\[Administrator]. local host [ipv4:192....:445]
> Okt 25 11:43:16 ad-test smbd[57853]: [2021/10/25 11:43:16.648050,  2] ../../auth/auth_log.c:647(log_authentication_event_human_readable)
> Okt 25 11:43:16 ad-test smbd[57853]:   Auth: [SMB2,NTLMSSP] user [S2019-TEST]\[Administrator] at [Mo, 25 Okt 2021 11:43:16.648022 UTC] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation
> [S2019-TEST] remote host [ipv4:192....:59222] mapped to [S2019-TEST]\[Administrator]. local host [ipv4:192....:445]
> Okt 25 11:43:16 ad-test smbd[57854]: [2021/10/25 11:43:16.683346,  2] ../../auth/auth_log.c:647(log_authentication_event_human_readable)
> Okt 25 11:43:16 ad-test smbd[57854]:   Auth: [SMB2,NTLMSSP] user [S2019-TEST]\[Administrator] at [Mo, 25 Okt 2021 11:43:16.683315 UTC] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation
> [S2019-TEST] remote host [ipv4:192....:59223] mapped to [S2019-TEST]\[Administrator]. local host [ipv4:192....:445]

Which points to the fact that Rowland mentioned. The computers try to 
use NTLM which fails for non Domain computers?! Or am I wrong here?

Here a Link I have found which talks about the NTLM Problem.

https://borncity.com/win/2021/10/19/microsoft-besttigt-windows-netzwerkdruckproblem-nach-oktober-2021-updates/

-- 
Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development

BRAIN Biotech AG
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Adriaan Moelker (Vorstandsvorsitzender), 
Lukas Linnig
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen

More information about the samba mailing list