-1

We have some ancient Samba 3.5 and 3.6 vintage servers, in an AD environment, which have until recently worked relatively well. Yes, I'm aware they're old, but we would need a VERY good reason to remove these servers from production. However, recently the shares on the 3.6 hosts have become unavailable without any configuration changes having been made to the configuration. However, we have noticed that some similarly ancient Windows 2003 hosts are still able to access the shares.

In the same time-frame, the "WannaCry" patch MS17-010 was applied (even to the 2003 hosts). I notice that Samba 3.6 introduced DCERPC protocol support - which this patch modifies or removes (not sure which). There have also been a number of other Windows patches installed in the same time-frame.

Is anyone else using this vintage of Samba in a fully AD environment and seeing problems since the introduction of the MS17-010 patch?

I'm trying to be as explicit and brief as possible, at the same time. Happy to add/amend the question through feedback - please do not flame me for this!

andydj
  • 1

1 Answers1

0

We too are using "vintage" Samba as an NT-style DC (on Debian Squeeze), and MS17-010 broke the ability of Windows clients to join the domain. Thus far the only effective fix we've found is to patch or upgrade Samba.

Keith
  • 1
  • Yes, we've come to the same conclusion. Thanks for your input! – andydj Jul 17 '17 at 06:27
  • One additional note; for our Squeeze machines (don't judge me!), a backport of the Wheezy package with updates has proven successful, and gets us past the nasty parts of the security team's vulnerability scans. – Keith Jul 18 '17 at 15:33