- Previously, newer versions of the Microsoft Windows operating system could not properly set Access Control Lists (ACLs) on a Samba share. Consequently, the "Access denied" error messages were returned and the share could not be configured in this regard. This bug has been fixed and the ACLs can now be fully managed as expected.
max protocol = SMB2
smb.confman page and the individual IDMAP backend man pages.
smbd) version. You cannot downgrade to an older samba3x version unless you have backups of the TDB files. (BZ#803457, BZ#839383).
- When the connection to a Domain Controller was lost, for example if a network cable was removed, the Remote Procedure Call (RPC) connection timed out and was not reset. Consequently, all subsequent RPC calls to the Domain Controller timed out. With this update, the Winbind daemon (winbindd) now resets the connection if an RPC timeout occurs. As a result, the connection is reestablished and new RPC commands can be issued.
- The man page for the Winbind information query tool “wbinfo” described the “-h” switch which is not present. The documentation has been changed and the options are now correctly documented.
- Samba sometimes generated many debug messages such as “Could not find child XXXX -- ignoring” that were written to syslog. Consequently, although these messages are not critical, syslog could be flooded by the large amount of these messages. Samba has been fixed to no longer issue this message to syslog automatically and syslog is no longer flooded by these Samba debug messages.
- When using Samba with the “password server” configuration setting and when the given name for that parameter was a hostname that resolved to multiple IP addresses, Samba did not correctly handle the returned addresses. Consequently, Samba failed to use one of the password servers and terminated unexpectedly. This update fixes Samba to correctly process multiple IP addresses when using a hostname with the “password server” parameter. Samba now works correctly with multiple IP addresses in the scenario described.
- If “winbind normalize names = yes” was set and “winbind separator” was set to something other than the default separator, users were unable to login to Samba. The relevant check for the winbind separator has been changed to read it from the config file instead of using a hardcoded value. As a result, users are able to login to Samba again in the scenario described.
- Packages requiring samba did not recognize samba3x as an updated samba version. With this update, dependent packages recognize samba3x as the new samba version.
- BZ#828113, BZ#830944
- Due to a regression, the previous release changed the behavior of resolving domain local groups and the Winbind daemon (winbindd) could not find them. The original behavior for resolving the domain local groups has been restored. As a result, the ID command resolves domain local groups in its own domain correctly again.
- Samba 3.6 failed to migrate existing printers from the Trivial Database (TDB) to the registry due to a Network Data Representation (NDR) alignment problem. Consequently, printers from 3.5 could not be migrated and the Samba server daemon (smbd) stopped with an error. The NDR parser has been fixed to correctly parse printing entries from Samba 3.5. As a result, printers are correctly migrated from 3.5 TDB to 3.6 registry.
- When there was no connection to the trusted domain and an attempt was made to lookup a user, a null-pointer dereference occurred. Consequently, the Winbind daemon (winbindd) terminated unexpectedly with a segmentation fault. The code has been improved to make sure that the connection to the domain controller is set up before attempting to resolve a username. As a result, Winbind no longer crashes and logs useful error messages in the scenario described.
- A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon (smbd) to crash or, possibly, execute arbitrary code with the privileges of the root user.