Regression with 4.3.8 upgrade, Mac OS X machines can't connect
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba |
Unknown
|
Unknown
|
|||
samba (CentOS) |
Fix Released
|
Undecided
|
|||
samba (Debian) |
Fix Released
|
Unknown
|
|||
samba (Ubuntu) |
Fix Released
|
High
|
Ubuntu Security Team |
Bug Description
With the recent security update to 4.3.8 on Ubuntu 14.04 some Mac OS X 10.11 were unable to connect to shares. The shares were still accessible fine via Windows 10 machines.
Samba versions that broke: 2:4.3.8+
Samba version that works: 2:4.1.6+
The error message (If you turn up log level to 2) in the /log.IPADDRESSO
[2016/04/19 14:06:15.555081, 2] ../source3/
check_ntlm_
[2016/04/19 14:06:15.555119, 1] ../auth/
ntlmssp_
[2016/04/19 14:06:15.555134, 1] ../lib/
[0000] hex removed`
[2016/04/19 14:06:15.555163, 1] ../lib/
[0000] hex removed
[2016/04/19 14:06:15.555190, 2] ../auth/
SPNEGO login failed: NT_STATUS_
This seems very similar to https://<email address hidden>
The Samba config is a very simple one, with all users just connecting as guest. Some excerpts:
map to guest = bad user
[files]
public = yes
delete readonly = yes
writeable = yes
path = /removed/
Workaround. Reverting packages worked, but is complicated, make yourself root- sudo -i (because you can break pam!).
Download needed packages from:
https:/
https:/
You likely should have packages libkdc2-heimdal and libhdb9-heimdal in /var/cache/
(something like)
wget https:/
Then sudo dpkg -i *.deb them. Then go through and fix any remaining missing packages, unconfigured packages.
Changed in samba (Debian): | |
status: | Unknown → New |
Changed in samba (Ubuntu): | |
assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
importance: | Undecided → High |
Changed in samba (Debian): | |
status: | New → Fix Released |
Changed in samba (CentOS): | |
importance: | Unknown → Undecided |
status: | Unknown → Fix Released |
Description of problem:
After upgrading to new samba packages, OS X clients cannot authenticate as guests making local public network shares inaccessible.
Version-Release number of selected component (if applicable):
Apr 18 08:14:06 Updated: samba-libs- 4.2.10- 6.el7_2. x86_64 tools-4. 2.10-6. el7_2.x86_ 64 4.2.10- 6.el7_2. noarch libs-4. 2.10-6. el7_2.x86_ 64 libs-4. 2.10-6. el7_2.x86_ 64 2.10-6. el7_2.x86_ 64
Apr 18 08:14:07 Updated: samba-common-
Apr 18 08:14:07 Updated: samba-common-
Apr 18 08:14:07 Updated: samba-client-
Apr 18 08:14:07 Updated: samba-common-
Apr 18 08:14:09 Updated: samba-4.
How reproducible:
Immediately after upgrade without any configuration changes. Windows and Linux clients can mount and work with the shares as usual.
Steps to Reproduce:
1. Upgrade to latest EL 7.2 samba packages
2. Try to mount a guest mountable network share using OS X Yosemite
Actual results:
OS X clients fail to mount with a generic error: 'There was a problem connecting to the server "<address>".'
Expected results:
Share mountable and browsable.
Additional info:
First encounter on production CentOS 7 server. Downgrading back to following packages works around the problem:
Apr 18 09:08:01 Installed: samba-libs- 4.2.3-12. el7_2.x86_ 64 tools-4. 2.3-12. el7_2.x86_ 64 4.2.3-12. el7_2.noarch libs-4. 2.3-12. el7_2.x86_ 64 libs-4. 2.3-12. el7_2.x86_ 64 2.3-12. el7_2.x86_ 64
Apr 18 09:08:01 Installed: samba-common-
Apr 18 09:08:01 Installed: samba-common-
Apr 18 09:08:02 Installed: samba-client-
Apr 18 09:08:02 Installed: samba-common-
Apr 18 09:08:02 Installed: samba-4.
I have confirmed this on up-to-date RHEL 7 VM with the developer license using identical package versions and epochs including downgrading.