An issue has been found in Samba 4.0 and later, where an unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw, but only when Samba is used as a domain controller. Since version 4.8 (released in March 2018), the default behaviour of Samba has been to insist on a secure netlogon channel, which is a sufficient fix against the known exploits. This default is equivalent to having 'server schannel = yes' in the smb.conf. Therefore versions 4.8 and above are not vulnerable unless they have the smb.conf lines 'server schannel = no' or 'server schannel = auto'. Samba versions 4.7 and below are vulnerable unless they have 'server schannel = yes' in the smb.conf.
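The version and configuration rules above can be checked mechanically on a domain controller. The following is an added example, not code from the Samba project: the function names and sample configurations are constructed for illustration, and it assumes a single smb.conf with no include files or continuation lines, and that true/1 and false/0 are accepted as spellings of yes and no.

```python
# Added example: decide whether a Samba DC is exposed to CVE-2020-1472
# using only the rules stated in the advisory text above.

# Assumed alternative spellings of yes/no for this setting.
ALIASES = {"true": "yes", "1": "yes", "false": "no", "0": "no"}

def effective_schannel(conf_text):
    """Return the 'server schannel' value set in [global], or None if unset."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = "".join(line[1:-1].split()).lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, _, val = line.partition("=")       # only the first '=' matters
        # Parameter names ignore case and whitespace.
        if "".join(name.split()).lower() == "serverschannel":
            val = val.strip().lower()
            value = ALIASES.get(val, val)        # a later line overrides an earlier one
    return value

def is_exposed(version, conf_text):
    """True if a DC running this version with this smb.conf is vulnerable.
    The advisory covers Samba 4.0 and later; older versions are out of scope."""
    major, minor = (int(part) for part in version.split(".")[:2])
    setting = effective_schannel(conf_text)
    if setting is None:
        return (major, minor) < (4, 8)           # default became 'yes' in 4.8
    return setting != "yes"                      # 'no', 'auto' or unknown: flag it

# Constructed sample configurations.
SAMPLE_UNSET = "[global]\n  workgroup = EXAMPLE\n"
SAMPLE_AUTO = ("[global]\n  server schannel = yes\n"
               "  Server  Schannel = Auto\n[share]\n  path = /srv\n")
SAMPLE_YES = "[global]\n# server schannel = no\n  serverschannel = True\n"

if __name__ == "__main__":
    for ver, name, conf in [("4.12.5", "unset", SAMPLE_UNSET),
                            ("4.12.5", "auto", SAMPLE_AUTO),
                            ("4.7.12", "unset", SAMPLE_UNSET),
                            ("4.7.12", "yes", SAMPLE_YES)]:
        print(f"Samba {ver}, schannel {name}: exposed={is_exposed(ver, conf)}")
```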
https://www.samba.org/samba/security/CVE-2020-1472.html