aru Posted March 8, 2006 Report Share Posted March 8, 2006 Mandriva Advisories MDKA-2006:021 : samba Updated samba packages fix bugs March 7th, 2006 Samba provides SMB/CIFS services (such as file and printer sharing) used by clients compatible with Microsoft Windows. This update introduces a new version of Samba for CS3.0 users. Main changes include: - fix for password change when using the LDAP backend problem introduced in the last update (3.0.10); - update to version 3.0.14a - update of the vscan layer to version 0.3.6 - update of smbldap-tools to version 0.8.7 - removal of sql authentication modules Details ======= a) Outdated samba.schema file in the openldap-servers package The samba.schema file from the previous openldap-servers package did not include support for the password history feature samba uses. When using the LDAP backend, this would cause password changes to fail. To fix this, a new openldap-servers package is being provided with the correct samba.schema file. b) Default ACLs in openldap-servers The /etc/openldap/slapd.access.conf file from the openldap-servers package has been updated to deal with the new samba password history attribute. The post-installation procedure of the package will automatically make the necessary adjustments to that file. c) Samba 3.0.14a highlights include: - new privilege model which allows assignment of certain privileges to users and groups so that the administrator account is no longer needed for certain operations. Please see the Samba-HOWTO-Collection for details. - large directory support: samba now can handle large directories with many thousand of files much better. See the Samba-HOWTO-Collection for details. - fixes for compatibility issues between winbind and w2k3-sp1 domain controllers For more detailed changes, please refer to the WHATSNEW.txt file in the samba-doc package. d) smbldap-tools details A missing dependency on perl-IO-Socket-SSL has been added which affects sites using SSL/TLS between smbldap-tools and the LDAP server. Additionally, a new dependency had to be added: perl-Crypt-SmbHash, which is being supplied with this update. Finally, smbldap-tools has been moved into its own package. The upgrade should pull in this new package automatically. e) mount-cifs The mount.cifs utility has been moved to a package of its own called "mount-cifs". Upgrades should automatically pull in this new package if it was being used before. f) SQL modules are deprecated The sql authentication modules (pgsql and mysql) have been removed due to lack of maintenance and several serious issues. Please see https://bugzilla.samba.org/show_bug.cgi?id=3375 for an overview of the problems and the reasons for why its support has been dropped for the time being. Upgrade issues ============== a) smbldap-tools smbldap-tools has been updated to version 0.8.7, which is the version that comes with samba-3.0.14a.This new version has a different configuration layout: now all configuration files are stored under the /etc/smbldap-tools directory. The upgrade process will try to convert any existing configuration to this new format, but at least the following parameters will have to be reviewed in the /etc/smbldap-tools/smbldap.conf file: - ldapTLS may be set to 1 regardless of how ldapSSL was set in the previous configuration; - sambaUnixIdPooldn may still be using the default "example" domain in it After reviewing the /etc/smbldap-tools/smbldap.conf configuration file for any remaining issues, the "smbldap-populate" script has to be rerun in order to add new attributes to the directory server. This will complete the smbldap-tools migration process. If the smbldap-tools configuration file is not converted automatically, please run the script /usr/share/samba/scripts/migrate-smbldap manually and then proceed to the review of the /etc/smbldap-tools-foo configuration file. Known issues ============ Some smbldap-tools configuration directives can not be left empty, even though the configuration file says so. These are: - _userSmbHome - _userHomeDrive - _userProfile This may be fixed in a future update. The released versions of Mandriva GNU/Linux affected are: CS3.0Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKA-2006:021 Other references: https://bugzilla.samba.org/show_bug.cgi?id=3375 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts