[Samba] Upgrading from Samba 4.0.1 to 4.1.6
samba at marc-muehlfeld.de
Fri Mar 14 09:50:48 MDT 2014
Am 14.03.2014 16:18, schrieb Jason Waters:
> Took a quick look in /usr/local/samba/var/samba.log and saw the ldap error.
I guess you hit this fix:
In setups which provide ldap(s) and/or https services, the private
key for SSL/TLS encryption might be world readable. This typically
happens in active directory domain controller setups.
You would have this in your logs, then:
[2014/01/29 20:19:14.836873, 0, pid=4311]
invalid permissions on file '/usr/local/samba/private/tls/key.pem':
has 0644 should be 0600
[2014/01/29 20:19:14.843206, 0, pid=4311]
Invalid permissions on TLS private key file
owner uid 0 should be 0, mode 0644 should be 0600
This is known as CVE-2013-4476.
Removing all tls .pem files will cause an auto-regeneration with the
This is about the TLS keys for LDAP encryption. Remove the key files and
I've added this to the Wiki page, too, as we often had this problem on
the list in the past:
More information about the samba