[Samba] upgrade from 4.17 to samba 4.18.1
Corrado Ravinetto
corrado.ravinetto at lanificiocerruti.com
Thu Mar 30 10:06:17 UTC 2023
Hello all
On my centos 8 i upgraded compiling my self from source.
After upgrade of my dc from samba 4.17 to samba 4.18.1 my logs are full of :
Mar 30 11:58:00 dc3 samba[708393]: CVE-2022-38023: client_account[MAGCAMPIONI$] computer_name[MAGCAMPIONI] schannel_type[2] client_negotiate_flags[0x600fffff] real_account[magcampioni$] NT_STATUS_DOWNGRADE_DETECTED reject_des[0] reject_md5[1]
Mar 30 11:58:00 dc3 samba[708393]: [2023/03/30 11:58:00.117240, 0] ../../source4/rpc_server/netlogon/dcerpc_netlogon.c:291(dcesrv_netr_ServerAuthenticate3_check_downgrade)
Mar 30 11:58:00 dc3 samba[708393]: CVE-2022-38023: Check if option 'server reject md5 schannel:magcampioni$ = no' might be needed for a legacy client.
Mar 30 11:58:00 dc3 samba[708379]: [2023/03/30 11:58:00.136897, 0] ../../source4/rpc_server/netlogon/dcerpc_netlogon.c:281(dcesrv_netr_ServerAuthenticate3_check_downgrade)
Mar 30 11:58:00 dc3 samba[708379]: CVE-2022-38023: client_account[PASSAPZXP$] computer_name[PASSAPZXP] schannel_type[2] client_negotiate_flags[0x600fffff] real_account[passapzxp$] NT_STATUS_DOWNGRADE_DETECTED reject_des[0] reject_md5[1]
Mar 30 11:58:00 dc3 samba[708379]: [2023/03/30 11:58:00.136993, 0] ../../source4/rpc_server/netlogon/dcerpc_netlogon.c:291(dcesrv_netr_ServerAuthenticate3_check_downgrade)
Mar 30 11:58:00 dc3 samba[708379]: CVE-2022-38023: Check if option 'server reject md5 schannel:passapzxp$ = no' might be needed for a legacy client.
Mar 30 11:58:48 dc3 samba[708379]: [2023/03/30 11:58:48.782007, 0] ../../source4/rpc_server/netlogon/dcerpc_netlogon.c:281(dcesrv_netr_ServerAuthenticate3_check_downgrade)
Mar 30 11:58:48 dc3 samba[708379]: CVE-2022-38023: client_account[DATACOLOR0719$] computer_name[DATACOLOR0719] schannel_type[2] client_negotiate_flags[0x600fffff] real_account[DATACOLOR0719$] NT_STATUS_DOWNGRADE_DETECTED reject_des[0] reject_md5[1]
Mar 30 11:58:48 dc3 samba[708379]: [2023/03/30 11:58:48.782116, 0] ../../source4/rpc_server/netlogon/dcerpc_netlogon.c:291(dcesrv_netr_ServerAuthenticate3_check_downgrade)
Mar 30 11:58:48 dc3 samba[708379]: CVE-2022-38023: Check if option 'server reject md5 schannel:DATACOLOR0719$ = no' might be needed for a legacy client.
Mar 30 12:00:05 dc3 samba[708379]: [2023/03/30 12:00:05.691763, 0] ../../source4/rpc_server/netlogon/dcerpc_netlogon.c:281(dcesrv_netr_ServerAuthenticate3_check_downgrade)
Mar 30 12:00:05 dc3 samba[708379]: CVE-2022-38023: client_account[PASSA_PZ2$] computer_name[PASSA_PZ2] schannel_type[2] client_negotiate_flags[0x600fffff] real_account[PASSA_PZ2$] NT_STATUS_DOWNGRADE_DETECTED reject_des[0] reject_md5[1]
Mar 30 12:00:05 dc3 samba[708379]: [2023/03/30 12:00:05.691850, 0] ../../source4/rpc_server/netlogon/dcerpc_netlogon.c:291(dcesrv_netr_ServerAuthenticate3_check_downgrade)
Mar 30 12:00:05 dc3 samba[708379]: CVE-2022-38023: Check if option 'server reject md5 schannel:PASSA_PZ2$ = no' might be needed for a legacy client.
How can i do ??
At this moment my clients not experiencing particular problem.
thanks
Corrado Ravinetto
Sistemi informativi
corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com>
T: +39 015 3591283
[Lanificio F.lli CERRUTI]
Lanificio F.lli Cerruti S.p.A.
Via Cernaia 40, 13900 - Biella (BI) Italy
www.lanificiocerruti.com <http://www.lanificiocerruti.com/>
[Twitter] <https://twitter.com/Lan_Cerruti> [Facebook] <https://www.facebook.com/LanificioCerruti> [Instagram] <https://www.instagram.com/lanificiocerruti/>
Rispetta l'ambiente, non stampare questa mail se non necessario
Respect the environment, don't print unless necessary
[Unesco]
More information about the samba
mailing list