> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Achim Gottinger via samba > Verzonden: maandag 25 oktober 2021 11:02 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Printserver after latest MS updates > > Am 25.10.21 um 10:40 schrieb cn--- via samba: > > I have set "auth_audit" > > > > log level = 1 auth_audit:3@/var/log/samba/print.log > > > > And I have tons of these: > > > > > > [2021/10/25 10:38:44.484840,? 3] > ../../auth/auth_log.c:653(log_authentication_event_human_readable) > > ? Auth: [DCE/RPC,(null)] user [DOMAIN-02]\[user] at [Mon, > 25 Oct 2021 10:38:44.484815 CEST] with [NTLMv2] status > [NT_STATUS_OK] workstation [BR-HOST] remote host > [ipv4:X.X.X.X:59409] became [DOMAIN-02]\[user] > [S-1-5-21-xxx-xxx-xxx-xxx]. local host [ipv4:X.X.X.X:445] > > > > Thanks for testing. > > > > > > Am 25.10.21 um 10:18 schrieb L.P.H. van Belle via samba: > >> I've set in smb.conf > >> > >> ? log level = 1 full_audit:3@/var/log/samba_audit.log > >> > >> Printed.. ( point and print setup with cups ) > >> What do you want to see? Because, ive printed multiple prints now, > >> as did some collega's. > >> > >> 0 messages in my logs. > >> Well, 1 message then, that i've successfully printed with > cups (in cups log). > >> > >> Greetz, > >> > >> Louis > > Hello Christian and Louis, > > I assume both of you use domain accounts for testing.Yes, that is correct.> Does printing and connecting new printers also work with local non > domain accounts?I dont have any "none domain" accounts here.> Here this (local account printing) works > with Windows 11 but not with Windows 10 LTSC ( I assume > windows server 2019 will be affected as well). I did not > release the Oktober Update on our WSUS servers here, but last > Friday an work colleague called because he could no longer > print to the office from his home office pc (Windows 10 Pro, > local account). Afterwards I started testing and posted > results here a few days ago for comparison.I do have 2 windows 11 pc's currenlty these also work as far i know. I'll let that user print some for me. All windows 10 versions i have running are 2004 or up.> > Thanks in advance, > > AchimBased on Rowland message:> Try changing the 3 in 'auth_audit' to 2, what you are receiving in the > logs is just Samba telling you that authentication was successful. > > RowlandAfter a restart, i see, ( and i ignore these ) ==> samba/log.wb-PRINT1 <=[2021/10/25 11:09:14.389132, 0] ../../source3/winbindd/winbindd_cm.c:1894(wb_open_internal_pipe) open_internal_pipe: Could not connect to dssetup pipe: NT_STATUS_RPC_INTERFACE_NOT_FOUND [2021/10/25 11:09:14.389340, 0] ../../librpc/rpc/dcesrv_core.c:3010(dcesrv_call_dispatch_local) dcesrv_call_dispatch_local: DCE/RPC fault in call lsarpc:2E - DCERPC_NCA_S_OP_RNG_ERROR ==> samba/log.smbd <=[2021/10/25 11:09:14.859963, 1] ../../source3/printing/spoolssd.c:658(start_spoolssd) Forking SPOOLSS Daemon [2021/10/25 11:09:14.863446, 1] ../../source3/printing/printer_list.c:234(printer_list_get_last_refresh) Failed to fetch record! ==> samba/log.spoolssd <=[2021/10/25 10:16:47.817622, 1] ../../source3/printing/printer_list.c:234(printer_list_get_last_refresh) Failed to fetch record! ( I did change audit to 2.) And auth_audit:2@/var/log/samba/print.log Still empty here. So far, Greetz, Louis
Am 25.10.21 um 11:14 schrieb L.P.H. van Belle via samba:> > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> Achim Gottinger via samba >> Verzonden: maandag 25 oktober 2021 11:02 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] Printserver after latest MS updates >> >> Am 25.10.21 um 10:40 schrieb cn--- via samba: >>> I have set "auth_audit" >>> >>> log level = 1 auth_audit:3@/var/log/samba/print.log >>> >>> And I have tons of these: >>> >>> >>> [2021/10/25 10:38:44.484840,? 3] >> ../../auth/auth_log.c:653(log_authentication_event_human_readable) >>> ? Auth: [DCE/RPC,(null)] user [DOMAIN-02]\[user] at [Mon, >> 25 Oct 2021 10:38:44.484815 CEST] with [NTLMv2] status >> [NT_STATUS_OK] workstation [BR-HOST] remote host >> [ipv4:X.X.X.X:59409] became [DOMAIN-02]\[user] >> [S-1-5-21-xxx-xxx-xxx-xxx]. local host [ipv4:X.X.X.X:445] >>> >>> Thanks for testing. >>> >>> >>> Am 25.10.21 um 10:18 schrieb L.P.H. van Belle via samba: >>>> I've set in smb.conf >>>> >>>> ? log level = 1 full_audit:3@/var/log/samba_audit.log >>>> >>>> Printed.. ( point and print setup with cups ) >>>> What do you want to see? Because, ive printed multiple prints now, >>>> as did some collega's. >>>> >>>> 0 messages in my logs. >>>> Well, 1 message then, that i've successfully printed with >> cups (in cups log). >>>> >>>> Greetz, >>>> >>>> Louis >> >> Hello Christian and Louis, >> >> I assume both of you use domain accounts for testing. > Yes, that is correct. > >> Does printing and connecting new printers also work with local non >> domain accounts? > > I dont have any "none domain" accounts here. > >> Here this (local account printing) works >> with Windows 11 but not with Windows 10 LTSC ( I assume >> windows server 2019 will be affected as well). I did not >> release the Oktober Update on our WSUS servers here, but last >> Friday an work colleague called because he could no longer >> print to the office from his home office pc (Windows 10 Pro, >> local account). Afterwards I started testing and posted >> results here a few days ago for comparison. > > I do have 2 windows 11 pc's currenlty these also work as far i know. > I'll let that user print some for me. > All windows 10 versions i have running are 2004 or up. > >> >> Thanks in advance, >> >> Achim > > Based on Rowland message: >> Try changing the 3 in 'auth_audit' to 2, what you are receiving in the >> logs is just Samba telling you that authentication was successful. >> >> Rowland > > After a restart, i see, ( and i ignore these ) > ==> samba/log.wb-PRINT1 <=> [2021/10/25 11:09:14.389132, 0] ../../source3/winbindd/winbindd_cm.c:1894(wb_open_internal_pipe) > open_internal_pipe: Could not connect to dssetup pipe: NT_STATUS_RPC_INTERFACE_NOT_FOUND > [2021/10/25 11:09:14.389340, 0] ../../librpc/rpc/dcesrv_core.c:3010(dcesrv_call_dispatch_local) > dcesrv_call_dispatch_local: DCE/RPC fault in call lsarpc:2E - DCERPC_NCA_S_OP_RNG_ERROR > > ==> samba/log.smbd <=> [2021/10/25 11:09:14.859963, 1] ../../source3/printing/spoolssd.c:658(start_spoolssd) > Forking SPOOLSS Daemon > [2021/10/25 11:09:14.863446, 1] ../../source3/printing/printer_list.c:234(printer_list_get_last_refresh) > Failed to fetch record! > > ==> samba/log.spoolssd <=> [2021/10/25 10:16:47.817622, 1] ../../source3/printing/printer_list.c:234(printer_list_get_last_refresh) > Failed to fetch record! > > ( I did change audit to 2.) > And auth_audit:2@/var/log/samba/print.log > Still empty here.Yes 2 is also empty for me. There, only failed logins are logged. With 3 also successful Auth are logged :-) Regards -- Dr. Christian Naumer Vice President Unit Head Bioprocess Development BRAIN Biotech AG Darmstaedter Str. 34-36, D-64673 Zwingenberg e-mail cn at brain-biotech.com, homepage www.brain-biotech.com phone +49-6251-9331-30 / fax +49-6251-9331-11 Sitz der Gesellschaft: Zwingenberg/Bergstrasse Registergericht AG Darmstadt, HRB 24758 Vorstand: Adriaan Moelker (Vorstandsvorsitzender), Lukas Linnig Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen
Am 25.10.2021 um 11:14 schrieb L.P.H. van Belle via samba:>> Hello Christian and Louis, >> >> I assume both of you use domain accounts for testing. > Yes, that is correct. > >> Does printing and connecting new printers also work with local non >> domain accounts? > I dont have any "none domain" accounts here. > >> Here this (local account printing) works >> with Windows 11 but not with Windows 10 LTSC ( I assume >> windows server 2019 will be affected as well). I did not >> release the Oktober Update on our WSUS servers here, but last >> Friday an work colleague called because he could no longer >> print to the office from his home office pc (Windows 10 Pro, >> local account). Afterwards I started testing and posted >> results here a few days ago for comparison. > I do have 2 windows 11 pc's currenlty these also work as far i know. > I'll let that user print some for me. > All windows 10 versions i have running are 2004 or up. >Thank you for the reply. For sake of completeness I tried it with Windows Server 2019 Version 1809 Update 2021-10 installed. Again no issues with domain accounts but with an local administrator if i try to connect an printer an credential window pops up and after entering domain credentials again an dialog pops up saying the account is not allowed to install/access this printer. So only Windows 11 seems to work with local accounts. The collegue first having the problem here uses? Windows 10 21H2. This is the log (level 2) with when I connect to a printer (debian stretch samba 4.10) from server 2019 logged in with an domain account. Seems to be all kerberos here. Okt 25 11:39:57 ad-test smbd[57830]: [2021/10/25 11:39:57.715406,? 4] ../../auth/auth_log.c:751(log_successful_authz_event_human_readable) Okt 25 11:39:57 ad-test smbd[57830]:?? Successful AuthZ: [spoolss,ncacn_np] user [TEST]\[Administrator] [S-1-5-21-XXX-500] at [Mo, 25 Okt 2021 11:39:57.715385 UTC] Remote host [ipv4:192....:50475] local host [ipv4:192....:445] Okt 25 11:39:57 ad-test smbd[57830]: [2021/10/25 11:39:57.814763,? 4] ../../auth/auth_log.c:751(log_successful_authz_event_human_readable) Okt 25 11:39:57 ad-test smbd[57830]:?? Successful AuthZ: [spoolss,ncacn_np] user [TEST]\[Administrator] [S-1-5-21-XXX-500] at [Mo, 25 Okt 2021 11:39:57.814742 UTC] Remote host [ipv4:192....:50475] local host [ipv4:192....:445] Okt 25 11:39:57 ad-test smbd[57830]: [2021/10/25 11:39:57.914702,? 4] ../../auth/auth_log.c:751(log_successful_authz_event_human_readable) Okt 25 11:39:57 ad-test smbd[57830]:?? Successful AuthZ: [spoolss,ncacn_np] user [TEST]\[Administrator] [S-1-5-21-XXX-500] at [Mo, 25 Okt 2021 11:39:57.914680 UTC] Remote host [ipv4:192....:50475] local host [ipv4:192....:445] Okt 25 11:39:58 ad-test smbd[57830]: [2021/10/25 11:39:58.020295,? 4] ../../auth/auth_log.c:751(log_successful_authz_event_human_readable) Okt 25 11:39:58 ad-test smbd[57830]:?? Successful AuthZ: [spoolss,ncacn_np] user [TEST]\[Administrator] [S-1-5-21-XXX-500] at [Mo, 25 Okt 2021 11:39:58.020273 UTC] Remote host [ipv4:192....:50475] local host [ipv4:192....:445] Same test environment local account not working printer connect attempt: Okt 25 11:43:16 ad-test smbd[57852]: [2021/10/25 11:43:16.553308,? 2] ../../auth/auth_log.c:647(log_authentication_event_human_readable) Okt 25 11:43:16 ad-test smbd[57852]:?? Auth: [SMB2,NTLMSSP] user [S2019-TEST]\[Administrator] at [Mo, 25 Okt 2021 11:43:16.553281 UTC] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [S2019-TEST] remote host [ipv4:192....:59221] mapped to [S2019-TEST]\[Administrator]. local host [ipv4:192....:445] Okt 25 11:43:16 ad-test smbd[57853]: [2021/10/25 11:43:16.648050,? 2] ../../auth/auth_log.c:647(log_authentication_event_human_readable) Okt 25 11:43:16 ad-test smbd[57853]:?? Auth: [SMB2,NTLMSSP] user [S2019-TEST]\[Administrator] at [Mo, 25 Okt 2021 11:43:16.648022 UTC] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [S2019-TEST] remote host [ipv4:192....:59222] mapped to [S2019-TEST]\[Administrator]. local host [ipv4:192....:445] Okt 25 11:43:16 ad-test smbd[57854]: [2021/10/25 11:43:16.683346,? 2] ../../auth/auth_log.c:647(log_authentication_event_human_readable) Okt 25 11:43:16 ad-test smbd[57854]:?? Auth: [SMB2,NTLMSSP] user [S2019-TEST]\[Administrator] at [Mo, 25 Okt 2021 11:43:16.683315 UTC] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [S2019-TEST] remote host [ipv4:192....:59223] mapped to [S2019-TEST]\[Administrator]. local host [ipv4:192....:445]