Samba authentication broken after the latest Windows updates

Latest response

Just to let anyone know if their samba authentication has stopped working after the latest round of Windows updates.

Remove patch "KB316949 - MS16-077" from your MS Active Directory servers to restore connectivity.

MS16-077

  • Title: Security Update for WPAD (3165191)
  • https://technet.microsoft.com/library/security/ms16-077.aspx
  • Reason for Revision: V1.1 (June 22, 2016): Bulletin revised to add
    an Update FAQ on behavior changes to be aware of after installing
    this update. This is an informational change only.
  • Originally posted: June 14, 2016
  • Updated: June 22, 2016
  • Bulletin Severity Rating: Important
  • Version: 1.1

    MS16-JUN

  • Title: Microsoft Security Bulletin Summary for June 2016

  • https://technet.microsoft.com/library/security/ms16-JUN.aspx
  • Reason for Revision: V2.1 (June 22, 2016): For MS16-075 and
    MS16-076, added a Known Issue to the Executive Summaries table
    for update 3161561. When you try to access a domain DFS namespace
    (such as \contoso.com\SYSVOL) on a computer that is configured to
    require mutual authentication (by using the UNC Hardened Access
    feature), you receive an "Access Denied" error message. Microsoft
    is researching this problem and will post more information in this
    article when it becomes available. For more information, see
    Microsoft Knowledge Base Article 3161561.
  • Originally posted: June 14, 2016
  • Updated: June 22, 2016
  • Bulletin Severity Rating: Not applicable
  • Version: 2.1

Responses

This was a big help Last night. After several hours of troubleshooting, this resolved my issue,

To confirm, are you seeing this issue with a Samba client connecting to a Windows share? or accessing a Linux hosted Samba share from Windows?

Accessing Linux hosted samba shares from Windows.

Thanks for sharing this, Jonathan.

We've have also discovered that our Ricoh MFDs were unable to scan to Windows shares because of this patch, We've now had to changed the port number used on the printers to 445.

  1. Check firmware is up to date
  2. Telnet to printer
  3. Use the following command to change port "smb client port 445"
  4. Logout of telnet