Created attachment 13340 [details] patch for master File servers should not be running the NETLOGON server or accept schannel authentication. We had a security issue in NETLOGON a while back, which would have been avoided for most of our users if we had this protection.
Fixed by e23e8d9ff9144dabea8738c9ab28862c5996c9a8 in master for Samba 4.7