Bug 54320 - (4.4) No access to home share on member servers
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 4.4
amd64 Linux
P5 normal
UCS 4.4-8-errata
Assigned To: Julia Bremer
Erik Damrose
Depends on: 54014 54200
Blocks:
Reported: 2022-01-11 09:13 CET by Julia Bremer
Modified: 2022-01-19 13:44 CET
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.286
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Workaround is available
Max CVSS v3 score:

Description Julia Bremer univentionstaff 2022-01-11 09:13:36 CET
Clone for 4.4 port
+++ This bug was initially created as a clone of Bug #54200 +++

After upgrading from 4.4 errata 1001 to errata 1111, access to home shares is impossible if they are created on member servers. Home shares on Main and Backup DC are working correctly. After granting access to the group Domain Users, access works.

Every other share only accessible for a specific user cannot be accessed with this user if the share exists on a member server.

Users can connect to their home shares via Windows regardless of their location. The above problem only affects Linux clients. I tried to connect with Linux clients and Univention Servers that belong to another domain.

I created a new testing domain consisting of Main and Backup DC and a member server and could reproduce this problem. 

https://help.univention.com/t/after-update-partially-no-access-to-home-shares/18943
Comment 1 Julia Bremer univentionstaff 2022-01-12 09:29:18 CET
I removed the old 98_CVE-2020-25717-add-local-nt-token-from-nss.quilt
and instead applied the newer upstream patch that fixes this issue without needing extra configuration in the smb.conf.
https://gitlab.com/samba-team/samba/-/merge_requests/2253

This also fixes the problem when accessing homeshares via NTLM that is described in this bug.

http://jenkins.knut.univention.de:8080/job/UCS-4.4/job/UCS-4.4-8/job/AutotestJoin/lastCompletedBuild/SambaVersion=s4,Systemrolle=member/testReport/53_samba-common/
The test we added that reproduced this problem was successful.


--------------------
Package: samba
Version: 2:4.10.18-1A~4.4.0.202201111706
Branch: ucs_4.4-0
Scope: errata4.4-8
r19499 Bug #54320: Include libcli/security/dom_sid.h
r19497 Bug #54320: Updated patch for the homeshare access on memberservers

Package: univention-samba
Version: 13.0.0-18A~4.4.0.202201111812
Branch: ucs_4.4-0
Scope: errata4.4-8
User: jbremer

d06b75d350 Bug #54320: advisory
920245f4da fixup! Bug #54320: Remove username_map_script, not needed any more
05f55dcb71 Bug #54320: Remove username_map_script, not needed any more
Comment 2 Erik Damrose univentionstaff 2022-01-13 11:08:23 CET
OK: All 46share_access_permissions tests succeed
OK: Patch
OK: Remove usermapping script from univention-samba package and its entry from smb.conf
OK: Yaml
Verified