Bug 46809 - Errors accessing Windows services (RDP, shares, MySQL) in UCS 4.3 domain (Samba 4.7)
Errors accessing Windows services (RDP, shares, MySQL) in UCS 4.3 domain (Sam...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 4.3
Other Linux
: P5 normal (vote)
: UCS 4.3-0-errata
Assigned To: Arvid Requate
Felix Botner
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-04-11 19:05 CEST by Arvid Requate
Modified: 2018-04-18 13:52 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.429
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number: 2018040421001484, 2018032121001248, 2018031521000251
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2018-04-11 19:05:05 CEST
We have a couple of reports about connection errors to Windows services like RDP, MySQL and Windows file share access.


It looks like the firewall of the UCS 4.3 Samba/AD DCs is blocking TCP ports dynamically allocated by Samba 4.7. The following adjustment fixed the issues (at least RDP and share access):

=============================================================================
ucr set \                                                                       
     security/packetfilter/package/univention-samba4/tcp/49152:65535/all="ACCEPT" \
     security/packetfilter/package/univention-samba4/tcp/49152:65535/all/en="Dynamic RPC Ports (Samba)"

ucr unset \                                                                     
     security/packetfilter/package/univention-samba4/tcp/49152/all \
     security/packetfilter/package/univention-samba4/tcp/49152/all/en

service univention-firewall restart
=============================================================================

Please note that this needs to be adjusted on all UCS 4.3 Samba/AD DCs.
Comment 1 Arvid Requate univentionstaff 2018-04-11 19:16:31 CEST
29178dc7c3 | Fix
6cdf97d17d | Advisory
Comment 2 Felix Botner univentionstaff 2018-04-12 15:09:25 CEST
OK - access of windows share via ip 
OK - rdp to from windows to other windows client
OK - YAML
Comment 3 Arvid Requate univentionstaff 2018-04-18 13:52:02 CEST
<http://errata.software-univention.de/ucs/4.3/15.html>