[Samba] Upgrading from Samba 4.0.1 to 4.1.6
Jason Waters
jwaters at h2os.com
Fri Mar 14 09:53:39 MDT 2014
Marc,
Great I will try that tonight. Thank you for the help! I will make
sure I let you know if that fixed it or not.
Jason
On Fri, Mar 14, 2014 at 11:50 AM, Marc Muehlfeld <samba at marc-muehlfeld.de>wrote:
> Hello Jason
>
> Am 14.03.2014 16:18, schrieb Jason Waters:
>
> Took a quick look in /usr/local/samba/var/samba.log and saw the ldap
>> error.
>>
>
> I guess you hit this fix:
> http://www.samba.org/samba/history/samba-4.0.11.html
>
> CVE-2013-4476:
> In setups which provide ldap(s) and/or https services, the private
> key for SSL/TLS encryption might be world readable. This typically
> happens in active directory domain controller setups.
>
>
> You would have this in your logs, then:
>
> [2014/01/29 20:19:14.836873, 0, pid=4311] ../lib/util/util.c:161(file_
> check_permissions)
> invalid permissions on file '/usr/local/samba/private/tls/key.pem': has
> 0644 should be 0600
> [2014/01/29 20:19:14.843206, 0, pid=4311] ../source4/lib/tls/tls_
> tstream.c:1125(tstream_tls_params_server)
> Invalid permissions on TLS private key file
> '/usr/local/samba/private/tls/key.pem':
> owner uid 0 should be 0, mode 0644 should be 0600
> This is known as CVE-2013-4476.
> Removing all tls .pem files will cause an auto-regeneration with the
> correct permissions.
>
>
> This is about the TLS keys for LDAP encryption. Remove the key files and
> restart Samba.
>
>
> I've added this to the Wiki page, too, as we often had this problem on the
> list in the past:
> https://wiki.samba.org/index.php/Updating_Samba
>
>
> Regards,
> Marc
>
More information about the samba
mailing list