Samba4 broken since Upgrade 4.0.6 to 4.0.14
samba at marc-muehlfeld.de
Wed Jan 29 12:24:02 MST 2014
On 29.01.2014 13:18, Christian Vielhauer wrote:
> Before upgrade I was able to do wbinfo -u and get all users.
> In ps ax were some samba -D processes...
> Now after upgrade I was able to start using init script by "start samba" but just one samba -D process is running and two smbd processes "/usr/local/samba/sbin/smbd --option=server role check:inhibit=yes --foreground".
My guess is, you hit this security fix:
In setups which provide ldap(s) and/or https services, the private
key for SSL/TLS encryption might be world readable. This typically
happens in active directory domain controller setups.
Check your Samba logs for (this will appear in your log.%m, if you hit
[2014/01/29 20:19:14.836873, 0, pid=4311]
invalid permissions on file '/usr/local/samba/private/tls/key.pem':
has 0644 should be 0600
[2014/01/29 20:19:14.843206, 0, pid=4311]
Invalid permissions on TLS private key file
owner uid 0 should be 0, mode 0644 should be 0600
This is known as CVE-2013-4476.
Removing all tls .pem files will cause an auto-regeneration with the
And to fix it, simply set the mode of your key.pem to 600 and restart Samba.
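
An added example, not part of the original message and not Samba code: a shell audit that pulls the key paths out of the `invalid permissions on file` log entries quoted above, checks each for owner and mode 0600, and with `FIX=1` applies the chmod described in the reply. The function names, the expected-uid argument and the `FIX` variable are assumptions; `stat -c` assumes GNU coreutils.

```sh
#!/bin/sh
# Added example, not Samba code. Log format as quoted in the message above;
# the optional expected-uid argument and the FIX variable are assumptions.

# Print the unique paths named in "invalid permissions on file '<path>'" entries.
keys_from_log() {
    sed -n "s/.*invalid permissions on file '\([^']*\)'.*/\1/p" "$1" | sort -u
}

# Return 0 if FILE is a regular file owned by WANT_UID (default 0) with mode 600,
# 1 if owner or mode is wrong, 2 if it is missing, a symlink or not a file.
key_perms_ok() {
    kp_file=$1
    kp_uid=${2:-0}
    if [ -L "$kp_file" ] || [ ! -f "$kp_file" ]; then
        echo "$kp_file: missing or not a regular file" >&2
        return 2
    fi
    kp_mode=$(stat -c '%a' "$kp_file")    # GNU stat: octal mode, e.g. 644
    kp_owner=$(stat -c '%u' "$kp_file")
    if [ "$kp_mode" != 600 ] || [ "$kp_owner" != "$kp_uid" ]; then
        echo "$kp_file: owner uid $kp_owner should be $kp_uid, mode 0$kp_mode should be 0600" >&2
        return 1
    fi
}

# Check every key named in LOGFILE. With FIX=1, chmod 600 keys whose owner/mode
# check failed. Prints how many keys still fail; returns non-zero if any do.
audit_log() {
    al_bad=0
    while IFS= read -r al_key; do
        if [ -z "$al_key" ]; then continue; fi
        al_rc=0
        key_perms_ok "$al_key" "${2:-0}" || al_rc=$?
        if [ "$al_rc" -eq 0 ]; then continue; fi
        if [ "$al_rc" -eq 1 ] && [ "${FIX:-0}" = 1 ] && chmod 600 "$al_key" &&
           key_perms_ok "$al_key" "${2:-0}"; then
            echo "$al_key: mode set to 600, restart Samba" >&2
        else
            al_bad=$((al_bad + 1))
        fi
    done <<EOF
$(keys_from_log "$1")
EOF
    echo "$al_bad"
    [ "$al_bad" -eq 0 ]
}

# Usage: sh audit.sh LOGFILE [EXPECTED_UID]
if [ "$#" -gt 0 ]; then audit_log "$@"; fi
```

A key that is owned by the wrong uid is reported but left alone, since `chmod` cannot correct ownership.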