Samba4 update
Rowland Penny
repenny241155 at gmail.com
Sun Mar 2 06:01:33 MST 2014
On 02/03/14 11:03, Zbigniew Góra wrote:
> Hello everyone,
>
> My colleagues noticed the problem with the Samba4 update.
>
> From 4.0.9 to 4.1.0 --> working
> from 4.0.9 to 4.1.5 --> not working
> from 4.1.0 --> 4.1.4 --> not working
> from 4.1.4 --> 4.1.5 --> working.
>
> Here is the log from 4.0.9 to 4.1.5:
>
> [2014/03/01 09:48:31.459388, 0]
> ../source4/smbd/server.c:370(binary_smbd_main)
> samba version 4.1.5 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2013
> [2014/03/01 09:48:31.709838, 0]
> ../source4/smbd/server.c:492(binary_smbd_main)
> samba: using 'standard' process model
> [2014/03/01 09:48:31.754685, 0]
> ../lib/util/util.c:161(file_check_permissions)
> invalid permissions on file '/usr/local/samba/private/tls/key.pem': has
> 0644 should be 0600
> [2014/03/01 09:48:31.770875, 0]
> ../source4/lib/tls/tls_tstream.c:1125(tstream_tls_params_server)
> Invalid permissions on TLS private key file
> '/usr/local/samba/private/tls/key.pem':
> owner uid 0 should be 0, mode 0644 should be 0600
> This is known as CVE-2013-4476.
> Removing all tls .pem files will cause an auto-regeneration with the
> correct permissions.
> [2014/03/01 09:48:31.771416, 0]
> ../source4/ldap_server/ldap_server.c:940(ldapsrv_task_init)
> ldapsrv failed tstream_tls_params_server -
> NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> [2014/03/01 09:48:31.771626, 0]
> ../source4/smbd/service_task.c:35(task_server_terminate)
> task_server_terminate: [Failed to startup ldap server task]
> [2014/03/01 09:48:31.797471, 0]
> ../source4/smbd/server.c:211(samba_terminate)
> samba_terminate: Failed to startup ldap server task
>
> Could you say something about this?
>
> Regards,
> ___________
> Zbyszek Góra
Hi, if you read what YOU posted, it actually says it all, removing the
cruft leaves:

invalid permissions on file '/usr/local/samba/private/tls/key.pem':
has 0644 should be 0600
Invalid permissions on TLS private key file
'/usr/local/samba/private/tls/key.pem': owner uid 0 should be 0, mode
0644 should be 0600
This is known as CVE-2013-4476.
Removing all tls .pem files will cause an auto-regeneration with the
correct permissions.

So, do what it says, delete /usr/local/samba/private/tls/key.pem and try
again.

Rowland
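
Added example, not part of the original thread and not Samba's own code: a shell helper that applies the mode and owner test described in the log to a key file, so the permissions can be confirmed before restarting the service. It assumes GNU coreutils `stat -c`; the function name `check_key_perms` is hypothetical.

```shell
#!/bin/sh
# Added example (not Samba code): check a TLS private key file against the
# rule quoted in the log: mode must be 0600 and the owner must be the
# expected uid. Assumes GNU coreutils stat (-c option).

# check_key_perms FILE [EXPECTED_UID]
#   returns 0 when mode and owner match,
#           1 when mode or owner is wrong,
#           2 when FILE is not a regular file (missing, or a symlink).
check_key_perms() {
    key_file=$1
    want_uid=${2:-0}          # default uid 0, as in the log message

    # Refuse symlinks so the check describes the file actually named.
    if [ -L "$key_file" ] || [ ! -f "$key_file" ]; then
        echo "$key_file: not a regular file"
        return 2
    fi

    key_mode=$(stat -c '%a' "$key_file")   # octal mode, e.g. 644
    key_uid=$(stat -c '%u' "$key_file")    # numeric owner uid
    key_status=0

    # Any mode other than exactly 600 fails, including setuid/sticky bits.
    if [ "$key_mode" != "600" ]; then
        echo "$key_file: mode 0$key_mode should be 0600"
        key_status=1
    fi
    if [ "$key_uid" != "$want_uid" ]; then
        echo "$key_file: owner uid $key_uid should be $want_uid"
        key_status=1
    fi
    return $key_status
}

# Usage, with the path from the log above:
#   check_key_perms /usr/local/samba/private/tls/key.pem
```
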