Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

4.157. samba3x

Updated samba3x packages that fix a bug are now available for Red Hat Enterprise Linux 5.
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

Bug Fix

BZ#841374
Previously, newer versions of the Microsoft Windows operating system could not properly set Access Control Lists (ACLs) on a Samba share. Consequently, the "Access denied" error messages were returned and the share could not be configured in this regard. This bug has been fixed and the ACLs can now be fully managed as expected.
All users of samba3x are advised to upgrade to these updated packages, which fix this bug.
Updated samba3x packages that fix multiple bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

Note

The samba3x packages have been upgraded to upstream version 3.6, which provides a number of bug fixes and enhancements over the previous version. In particular, support for the SMB2 protocol has been added. SMB2 support can be enabled with the following parameter in the [global] section of the /etc/samba/smb.conf file:
max protocol = SMB2

Warning

Warning, the updated samba3x packages also change the way ID mapping is configured. Users are advised to modify their existing Samba configuration files. For more information, refer to the Release Notes for Samba 3.6.0, the smb.conf man page and the individual IDMAP backend man pages.

Note

Also note that several Trivial Database (TDB) files have been updated and printing support has been rewritten to use the actual registry implementation. This means that all TDB files are upgraded as soon as you start the new Samba server daemon (smbd) version. You cannot downgrade to an older samba3x version unless you have backups of the TDB files. (BZ#803457, BZ#839383).

Bug Fixes

BZ#738185
When the connection to a Domain Controller was lost, for example if a network cable was removed, the Remote Procedure Call (RPC) connection timed out and was not reset. Consequently, all subsequent RPC calls to the Domain Controller timed out. With this update, the Winbind daemon (winbindd) now resets the connection if an RPC timeout occurs. As a result, the connection is reestablished and new RPC commands can be issued.
BZ#782168
The man page for the Winbind information query tool wbinfo described the -h switch which is not present. The documentation has been changed and the options are now correctly documented.
BZ#790384
Samba sometimes generated many debug messages such as Could not find child XXXX -- ignoring that were written to syslog. Consequently, although these messages are not critical, syslog could be flooded by the large amount of these messages. Samba has been fixed to no longer issue this message to syslog automatically and syslog is no longer flooded by these Samba debug messages.
BZ#790845
When using Samba with the password server configuration setting and when the given name for that parameter was a hostname that resolved to multiple IP addresses, Samba did not correctly handle the returned addresses. Consequently, Samba failed to use one of the password servers and terminated unexpectedly. This update fixes Samba to correctly process multiple IP addresses when using a hostname with the password server parameter. Samba now works correctly with multiple IP addresses in the scenario described.
BZ#816871
If winbind normalize names = yes was set and winbind separator was set to something other than the default separator, users were unable to login to Samba. The relevant check for the winbind separator has been changed to read it from the config file instead of using a hardcoded value. As a result, users are able to login to Samba again in the scenario described.
BZ#802546
Packages requiring samba did not recognize samba3x as an updated samba version. With this update, dependent packages recognize samba3x as the new samba version.
BZ#828113, BZ#830944
Due to a regression, the previous release changed the behavior of resolving domain local groups and the Winbind daemon (winbindd) could not find them. The original behavior for resolving the domain local groups has been restored. As a result, the ID command resolves domain local groups in its own domain correctly again.
BZ#838892
Samba 3.6 failed to migrate existing printers from the Trivial Database (TDB) to the registry due to a Network Data Representation (NDR) alignment problem. Consequently, printers from 3.5 could not be migrated and the Samba server daemon (smbd) stopped with an error. The NDR parser has been fixed to correctly parse printing entries from Samba 3.5. As a result, printers are correctly migrated from 3.5 TDB to 3.6 registry.
BZ#855831
When there was no connection to the trusted domain and an attempt was made to lookup a user, a null-pointer dereference occurred. Consequently, the Winbind daemon (winbindd) terminated unexpectedly with a segmentation fault. The code has been improved to make sure that the connection to the domain controller is set up before attempting to resolve a username. As a result, Winbind no longer crashes and logs useful error messages in the scenario described.
Users of samba3x should upgrade to these updated packages, which fix these bugs and add these enhancements.
Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 5.6 Extended Update Support.
The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

Security Fix

CVE-2012-1182
A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon (smbd) to crash or, possibly, execute arbitrary code with the privileges of the root user.
Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the smb service will be restarted automatically.