Univention Bugzilla – Bug 54320
(4.4) No access to home share on member servers
Last modified: 2022-01-19 13:44:24 CET
Clone for 4.4 port

+++ This bug was initially created as a clone of Bug #54200 +++

After upgrading from 4.4 errata 1001 to errata 1111, access to home shares is impossible if they are created on member servers. Home shares on Main and Backup DC are working correctly. After granting access to the group Domain Users, access works. Every other share only accessible for a specific user cannot be accessed with this user if the share exists on a member server.

Users can connect to their home shares via Windows regardless of their location. The above problem only affects Linux clients. I tried to connect with Linux clients and Univention Servers that belong to another domain.

I created a new testing domain consisting of Main and Backup DC and a member server and could reproduce this problem.

https://help.univention.com/t/after-update-partially-no-access-to-home-shares/18943

I removed the old 98_CVE-2020-25717-add-local-nt-token-from-nss.quilt and instead applied the newer upstream patch that fixes this issue without needing extra configuration in the smb.conf.
https://gitlab.com/samba-team/samba/-/merge_requests/2253

This also fixes the problem when accessing homeshares via NTLM that is described in this bug.

http://jenkins.knut.univention.de:8080/job/UCS-4.4/job/UCS-4.4-8/job/AutotestJoin/lastCompletedBuild/SambaVersion=s4,Systemrolle=member/testReport/53_samba-common/
The test we added that reproduced this problem was successful.

--------------------
Package: samba
Version: 2:4.10.18-1A~4.4.0.202201111706
Branch: ucs_4.4-0
Scope: errata4.4-8

r19499 Bug #54320: Include libcli/security/dom_sid.h
r19497 Bug #54320: Updated patch for the homeshare access on memberservers

Package: univention-samba
Version: 13.0.0-18A~4.4.0.202201111812
Branch: ucs_4.4-0
Scope: errata4.4-8
User: jbremer

d06b75d350 Bug #54320: advisory
920245f4da fixup! Bug #54320: Remove username_map_script, not needed any more
05f55dcb71 Bug #54320: Remove username_map_script, not needed any more

OK: All 46share_access_permissions tests succeed
OK: Patch
OK: Remove usermapping script from univention-samba package and its entry from smb.conf
OK: Yaml
Verified

<https://errata.software-univention.de/#/?erratum=4.4x1155>
<https://errata.software-univention.de/#/?erratum=4.4x1157>