[Samba] samba 4.13.17 ubuntu 20.04
Frank Rochlitzer
f.rochlitzer at b3-it.de
Thu Jan 26 21:21:50 UTC 2023
Hey Andre,
Sure, we already on the latest Patch Level on Ubuntu with 2:4.13.17~dfsg-0ubuntu1.20.04.4 Installer, but the issue still exist.
The only way to resolve the issue and to make a login possible again, was the workaround in my previous mail.
The Windows clients are Windows 10 22H2 with all updates installed.
We also doesn't have any special settings in smb.conf.
If you have any ideas of things we can check, you are welcome.
Best regards
Frank
Sent from Nine
________________________________
Von: Andrew Bartlett <abartlet at samba.org>
Gesendet: Donnerstag, 26. Januar 2023 22:09
An: Frank Rochlitzer; samba at lists.samba.org
Betreff: Re: [Samba] samba 4.13.17 ubuntu 20.04
Actually the fix went out on Dec 7 2022:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1993934/comments/45 id="-x-evo-selection-start-marker">
On Fri, 2023-01-27 at 10:05 +1300, Andrew Bartlett wrote:
> The latest Ubuntu 20.04 update for Samba has the Windows 22H2
> Kerberos issue fix (the windows 11 2038 date issue)
> samba (2:4.13.17~dfsg-0ubuntu1.20.04.4) focal-security;
> urgency=medium
> * SECURITY UPDATE: Buffer overflow in Heimdal unwrap_des3() -
> debian/patches/CVE-2022-3437-*.patch - CVE-2022-3437 * SECURITY
> UPDATE: Buffer overflow vulnerabilities on 32-bit systems -
> debian/patches/CVE-2022-42898-*.patch - CVE-2022-42898 * SECURITY
> UPDATE: Samba AD DC can be forced to issue rc4-hmac
> encrypted Kerberos tickets - debian/patches/CVE-2022-45141-
> *.patch - CVE-2022-45141 * SECURITY UPDATE: RC4/HMAC-MD5 NetLogon
> Secure Channel is weak and should be avoided -
> debian/patches/CVE-2022-38023-*.patch - CVE-2022-38023 * SECURITY
> UPDATE: rc4-hmac Kerberos session keys issued to modern servers -
> debian/patches/CVE-2022-3796x-*.patch - CVE-2022-37966 * SECURITY
> UPDATE: Kerberos constrained delegation ticket forgery possible
> against Samba AD DC - debian/patches/CVE-2022-3796x-*.patch -
> CVE-2022-37967 * debian/patches/win-22H2-fix.patch: split git-style
> patch into three individual patches so that it can be manipulated
> properly with quilt. * debian/patches/CVE-2022-44640-*.patch:
> Heimdal issue that did not affect Samba, but patches included for
> completeness.
> -- Marc Deslauriers <marc.deslauriers at ubuntu.com> Wed, 11 Jan 2023
> 11:12:16 -0500On Thu, 2023-01-26 at 20:38 +0100, Frank Rochlitzer via
> samba wrote:
> > We have the same issue with Samba 4.13.17.
> > For Ubuntu 20.04 with Samba 4.13.17 there seems to be only a
> > workaround to solve the login problem:Modifying the Local Security
> > Policy -> Local Policies -> Security Options -> Network
> > security:"Configure encryption types allowed for Kerberos" Check
> > only DES_CBC_CRC, DES_CBC_MD5 and RC4_HMAC_MD5. This worked for us
> > to login again. You can find some more informations here:
> > https://stackoverflow.com/questions/75235829/samba-4-13-17-breaks-domain-login-with-kerberos-errors/75249164#75249164
> > Best regardsFrank
> --
> Andrew Bartlett (he/him) https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
>
> Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
> company
>
> Samba Development and Support: https://catalyst.net.nz/services/samba
>
> Catalyst IT - Expert Open Source Solutions
>
>
>
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
More information about the samba
mailing list