[Samba] Upgrading from Samba 4.0.1 to 4.1.6
Marc Muehlfeld
samba at marc-muehlfeld.de
Fri Mar 14 09:50:48 MDT 2014
Hello Jason
On 14.03.2014 16:18, Jason Waters wrote:
> Took a quick look in /usr/local/samba/var/samba.log and saw the ldap error.
I guess you hit this fix:
http://www.samba.org/samba/history/samba-4.0.11.html
CVE-2013-4476:
In setups which provide ldap(s) and/or https services, the private
key for SSL/TLS encryption might be world readable. This typically
happens in active directory domain controller setups.
You would have this in your logs, then:
[2014/01/29 20:19:14.836873, 0, pid=4311]
../lib/util/util.c:161(file_check_permissions)
invalid permissions on file '/usr/local/samba/private/tls/key.pem':
has 0644 should be 0600
[2014/01/29 20:19:14.843206, 0, pid=4311]
../source4/lib/tls/tls_tstream.c:1125(tstream_tls_params_server)
Invalid permissions on TLS private key file
'/usr/local/samba/private/tls/key.pem':
owner uid 0 should be 0, mode 0644 should be 0600
This is known as CVE-2013-4476.
Removing all tls .pem files will cause an auto-regeneration with the
correct permissions.
This is about the TLS keys for LDAP encryption. Remove the key files and
restart Samba.
I've added this to the Wiki page, too, as we often had this problem on
the list in the past:
https://wiki.samba.org/index.php/Updating_Samba
Regards,
Marc
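
Added example, not part of the message above and not Samba's own code: a shell check for the condition the quoted log reports (private key mode other than 0600, or an unexpected owner), usable before an upgrade. It assumes GNU coreutils stat; the names check_tls_key and demo are hypothetical, and the demo works on a constructed file in a temporary directory.

```shell
#!/bin/sh
# Added example: audit a TLS private key file for the permissions the
# log message above complains about. Assumes GNU coreutils `stat`.

# check_tls_key FILE [EXPECTED_UID]
# Returns 0 if FILE is a regular file with mode 0600 owned by EXPECTED_UID
# (default 0, as in the quoted log), 1 on a mismatch, 2 if it cannot be read.
check_tls_key() {
    key=$1
    want_uid=${2:-0}
    if [ ! -f "$key" ]; then
        echo "$key: not a regular file" >&2
        return 2
    fi
    info=$(stat -c '%a %u' -- "$key") || return 2
    mode=${info% *}   # octal mode, e.g. 644
    uid=${info#* }    # numeric owner
    rc=0
    if [ "$mode" != 600 ]; then
        echo "$key: mode 0$mode should be 0600" >&2
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "$key: owner uid $uid should be $want_uid" >&2
        rc=1
    fi
    return $rc
}

# Self-check on a constructed key file; no real key is touched.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/key.pem"
    chmod 0644 "$d/key.pem"
    before=0; check_tls_key "$d/key.pem" "$(id -u)" || before=$?
    chmod 0600 "$d/key.pem"
    after=0; check_tls_key "$d/key.pem" "$(id -u)" || after=$?
    rm -rf "$d"
    echo "world-readable key: rc=$before, 0600 key: rc=$after"
}

# With an argument, audit that file; without one, run the demo.
if [ $# -gt 0 ]; then check_tls_key "$@"; else demo; fi
```

Run as root against the path from the log, for example: sh check.sh /usr/local/samba/private/tls/key.pem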