[Samba] Upgrading from Samba 4.0.1 to 4.1.6

Jason Waters jwaters at h2os.com
Fri Mar 14 09:53:39 MDT 2014


Marc,
    Great I will try that tonight.  Thank you for the help!  I will make
sure I let you know if that fixed it or not.

Jason


On Fri, Mar 14, 2014 at 11:50 AM, Marc Muehlfeld <samba at marc-muehlfeld.de>wrote:

> Hello Jason
>
> Am 14.03.2014 16:18, schrieb Jason Waters:
>
>  Took a quick look in /usr/local/samba/var/samba.log and saw the ldap
>> error.
>>
>
> I guess you hit this fix:
> http://www.samba.org/samba/history/samba-4.0.11.html
>
> CVE-2013-4476:
>    In setups which provide ldap(s) and/or https services, the private
>    key for SSL/TLS encryption might be world readable. This typically
>    happens in active directory domain controller setups.
>
>
> You would have this in your logs, then:
>
> [2014/01/29 20:19:14.836873,  0, pid=4311] ../lib/util/util.c:161(file_
> check_permissions)
>   invalid permissions on file '/usr/local/samba/private/tls/key.pem': has
> 0644 should be 0600
> [2014/01/29 20:19:14.843206,  0, pid=4311] ../source4/lib/tls/tls_
> tstream.c:1125(tstream_tls_params_server)
>   Invalid permissions on TLS private key file
> '/usr/local/samba/private/tls/key.pem':
>   owner uid 0 should be 0, mode 0644 should be 0600
>   This is known as CVE-2013-4476.
>   Removing all tls .pem files will cause an auto-regeneration with the
> correct permissions.
>
>
> This is about the TLS keys for LDAP encryption. Remove the key files and
> restart Samba.
>
>
> I've added this to the Wiki page, too, as we often had this problem on the
> list in the past:
> https://wiki.samba.org/index.php/Updating_Samba
>
>
> Regards,
> Marc
>


More information about the samba mailing list