Samba4 broken since Upgrade 4.0.6 to 4.0.14

Marc Muehlfeld samba at
Wed Jan 29 12:24:02 MST 2014

Hello Christian,

On 29.01.2014 13:18, Christian Vielhauer wrote:
> Before upgrade I was able to do wbinfo -u and get all users.
> In ps ax were some samba -D processes….
> Now after upgrade I was able to start using init script by "start samba" but just one samba -D process is running and two smbd processes "/usr/local/samba/sbin/smbd --option=server role check:inhibit=yes --foreground".

My guess is, you hit this security fix:

    In setups which provide ldap(s) and/or https services, the private
    key for SSL/TLS encryption might be world readable. This typically
    happens in active directory domain controller setups.

Check your Samba logs for (this will appear in your log.%m, if you hit 

    [2014/01/29 20:19:14.836873,  0, pid=4311]
       invalid permissions on file '/usr/local/samba/private/tls/key.pem': has 0644 should be 0600
    [2014/01/29 20:19:14.843206,  0, pid=4311]
       Invalid permissions on TLS private key file
       owner uid 0 should be 0, mode 0644 should be 0600
       This is known as CVE-2013-4476.
       Removing all tls .pem files will cause an auto-regeneration with the correct permissions.

And to fix it, simply set the mode of your key.pem to 600 and restart Samba.
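
Added example, not part of the original post: a small shell check that applies the same two conditions the log message above reports (mode 0600, expected owner uid) to a TLS key file and then applies the mode fix from the post. The function names are hypothetical, and GNU coreutils `stat` is assumed.

```shell
#!/bin/sh
# Added example (not Samba's own code). Function names are hypothetical.
# Assumes GNU coreutils stat(1).

# check_tls_key FILE [EXPECTED_UID]
# Returns 0 = ok, 1 = wrong mode or owner, 2 = file missing.
# EXPECTED_UID defaults to the uid running this script.
check_tls_key() {
    key=$1
    want_uid=${2:-$(id -u)}
    if [ ! -f "$key" ]; then
        echo "missing: $key"
        return 2
    fi
    mode=$(stat -c '%a' "$key")   # octal permission bits, e.g. 644
    uid=$(stat -c '%u' "$key")    # numeric owner uid
    rc=0
    if [ "$mode" != "600" ]; then
        echo "bad mode: $key has 0$mode should be 0600"
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "bad owner: $key owner uid $uid should be $want_uid"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "ok: $key"
    fi
    return "$rc"
}

# fix_tls_key FILE [EXPECTED_UID]
# Sets mode 600 as described in the post, then re-checks the file.
fix_tls_key() {
    chmod 600 "$1" && check_tls_key "$1" "${2:-$(id -u)}"
}

# Usage on the path from the log above (run as root, then restart Samba):
#   check_tls_key /usr/local/samba/private/tls/key.pem 0 ||
#       fix_tls_key /usr/local/samba/private/tls/key.pem 0
```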

