[Samba] Upgrading from Samba 4.0.1 to 4.1.6

Marc Muehlfeld samba at marc-muehlfeld.de
Fri Mar 14 09:50:48 MDT 2014

Hello Jason

Am 14.03.2014 16:18, schrieb Jason Waters:
> Took a quick look in /usr/local/samba/var/samba.log and saw the ldap error.

I guess you hit this fix:

    In setups which provide ldap(s) and/or https services, the private
    key for SSL/TLS encryption might be world readable. This typically
    happens in active directory domain controller setups.

You would have this in your logs, then:

[2014/01/29 20:19:14.836873,  0, pid=4311] 
   invalid permissions on file '/usr/local/samba/private/tls/key.pem': 
has 0644 should be 0600
[2014/01/29 20:19:14.843206,  0, pid=4311] 
   Invalid permissions on TLS private key file 
   owner uid 0 should be 0, mode 0644 should be 0600
   This is known as CVE-2013-4476.
   Removing all tls .pem files will cause an auto-regeneration with the 
correct permissions.

This is about the TLS keys for LDAP encryption. Remove the key files and 
restart Samba.

I've added this to the Wiki page, too, as we often had this problem on 
the list in the past:


More information about the samba mailing list