Bug 46809 – Errors accessing Windows services (RDP, shares, MySQL) in UCS 4.3 domain (Samba 4.7)

Bug 46809 - Errors accessing Windows services (RDP, shares, MySQL) in UCS 4.3 domain (Samba 4.7)


Summary:	Errors accessing Windows services (RDP, shares, MySQL) in UCS 4.3 domain (Sam...

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Samba4
Version:	UCS 4.3
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.3-0-errata
Assigned To:	Arvid Requate
QA Contact:	Felix Botner

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2018-04-11 19:05 CEST by Arvid Requate
Modified:	2018-04-18 13:52 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	5: Blocking further progress on the daily work
User Pain:	0.429
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2018040421001484, 2018032121001248, 2018031521000251
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2018-04-11 19:05:05 CEST

We have a couple of reports about connection errors to Windows services like RDP, MySQL and Windows file share access.


It looks like the firewall of the UCS 4.3 Samba/AD DCs is blocking TCP ports dynamically allocated by Samba 4.7. The following adjustment fixed the issues (at least RDP and share access):

=============================================================================
ucr set \                                                                       
     security/packetfilter/package/univention-samba4/tcp/49152:65535/all="ACCEPT" \
     security/packetfilter/package/univention-samba4/tcp/49152:65535/all/en="Dynamic RPC Ports (Samba)"

ucr unset \                                                                     
     security/packetfilter/package/univention-samba4/tcp/49152/all \
     security/packetfilter/package/univention-samba4/tcp/49152/all/en

service univention-firewall restart
=============================================================================

Please note that this needs to be adjusted on all UCS 4.3 Samba/AD DCs.

Comment 1 Arvid Requate

2018-04-11 19:16:31 CEST

29178dc7c3 | Fix
6cdf97d17d | Advisory

Comment 2 Felix Botner

2018-04-12 15:09:25 CEST

OK - access of windows share via ip 
OK - rdp to from windows to other windows client
OK - YAML

Comment 3 Arvid Requate

2018-04-18 13:52:02 CEST

<http://errata.software-univention.de/ucs/4.3/15.html>