NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

JayLim77's avatar
JayLim77
Aspirant
Apr 24, 2023

Windows Patch for RPC Sealing and Samba for ReadyNAS 4220S

I have a ReadyNAS 4220S running 6.9.3 that is being used for SMB shares.   The problem we just found out is that Microsoft is patching RPC authentication to stop RPC Signing and only allow RPC Seal...
Sandshark's avatar
Sandshark
Sensei
May 04, 2023

Every indication is that Netgear is silently exiting the NAS business and just leaving it's customers hanging.  I think you should go on the assumption that Netgear will do nothing.  If that's not the case, you'll be pleasantly surprised.  Better that than caught with your pants down when the patch is implemented.

 

The NAS will not cease to work, but you'll have to change from AD to local access control.  Depending on how many users that is, it could be a daunting task.  Can you re-purpose your Netgear products as backup only, so not as many need access?  Unfortunately, I have no idea how to migrate from AD integration.

 

Another option is installing a generic Linux system since it's basically just an Intel-based motherboard.  The best way to do that is to temporarily remove the 10GBE card and install a video card.  Once you've installed and set things up for headless operation, you can swap back in the Ethernet card.  I have read that a DisplyLink USB video adapter has Linux support.  So if you need to maintain a display, you could see about using one of them.

JayLim77's avatar
JayLim77
Aspirant
May 11, 2023

I just wanted to add I updated the ReadyNAS OS to 6.10.8 and logged in by SSH. I then ran smbstatus | grep version, which output:

 

#smbstatus | grep version
#Samba version 4.8.0

 

I checked the 4.8.0 version of Samba and the release notes from samba.org. This version is from March 13, 2018 as per https://www.samba.org/samba/history/samba-4.8.0.html

 

This is pretty bad that the version of Samba on the ReadyNAS, which is one version behind the currently available to download on this site and is the currently advertised version by auto update, is so far out of date and is over 5 years old.

 

This is just an FYI for all to know.

  • StephenB's avatar
    StephenB
    Guru - Experienced User
    May 12, 2023
    JayLim77 wrote:

    I just wanted to add I updated the ReadyNAS OS to 6.10.8 and logged in by SSH. I then ran smbstatus | grep version, which output Samba Version 4.8.0

     

    The SAMBA libraries used in the ReadyNAS come from the Netgear Repositories, not the Debian ones.  I believe they've made some modifications, and therefore had to backport fixes.  This suggests that you shouldn't attempt to update SAMBA via ssh.

     

    • JayLim77's avatar
      JayLim77
      Aspirant
      May 12, 2023

      I'm not sure why my earlier message was removed.

       

      I merely stated I wasn't updating Samba by SSH and 4.8.0 was really old, even with backporting. Especially relating to the Samba versions 4.15.13, 4.16.8 and 4.17.4 and later resolve the issue discussed in this thread.

       

      The CVE is CVE-2022-38023 and linked here, https://www.samba.org/samba/security/CVE-2022-38023.html.

      • StephenB's avatar
        StephenB
        Guru - Experienced User
        May 12, 2023
        JayLim77 wrote:

        I'm not sure why my earlier message was removed.

         

        It was caught by the automatic spam filter (no idea why).

         

        If this happens again, you can send me a PM.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More