Your message dated Sun, 29 May 2022 18:02:22 +0000
with message-id <[email protected]>
and subject line Bug#1009855: fixed in samba 2:4.13.13+dfsg-1~deb11u4
has caused the Debian Bug report #1009855,
regarding samba: Panic or segfault
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1009855: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009855
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: samba
Version: 2:4.13.13+dfsg-1~deb11u3
Severity: high
Dear Maintainer,
I have two debian servers. The one is SAMBA AD and the second works as
fileserver with user data.
I upgraded samba to these packages on weekend:
libnss-winbind 2:4.13.13+dfsg-1~deb11u3
libpam-winbind 2:4.13.13+dfsg-1~deb11u3
libsmbclient 2:4.13.13+dfsg-1~deb11u3
libwbclient0 2:4.13.13+dfsg-1~deb11u3
python3-samba 2:4.13.13+dfsg-1~deb11u3
samba 2:4.13.13+dfsg-1~deb11u3
samba-common 2:4.13.13+dfsg-1~deb11u3
samba-common-bin 2:4.13.13+dfsg-1~deb11u3
samba-dsdb-modules 2:4.13.13+dfsg-1~deb11u3
samba-libs 2:4.13.13+dfsg-1~deb11u3
samba-vfs-modules 2:4.13.13+dfsg-1~deb11u3
smbclient 2:4.13.13+dfsg-1~deb11u3
winbind 2:4.13.13+dfsg-1~deb11u3
Processes starts to panic very often on fileserver after upgrade. One
example:
dub 19 11:36:16 fileserver smbd_audit[22624]: [2022/04/19
11:36:16.569350, 0] ../../lib/dbwrap/dbwrap.c:190(dbwrap_lock_order_unlock)
dub 19 11:36:16 fileserver smbd_audit[22624]: dbwrap_lock_order_unlock:
db /run/samba/locking.tdb at order 1 unlocked
dub 19 11:36:16 fileserver smbd_audit[22624]: [2022/04/19
11:36:16.569427, 0] ../../lib/util/fault.c:159(smb_panic_log)
dub 19 11:36:16 fileserver smbd_audit[22624]:
===============================================================
dub 19 11:36:16 fileserver smbd_audit[22624]: [2022/04/19
11:36:16.569460, 0] ../../lib/util/fault.c:160(smb_panic_log)
dub 19 11:36:16 fileserver smbd_audit[22624]: INTERNAL ERROR: lock
order violation in pid 22624 (4.13.13-Debian)
dub 19 11:36:16 fileserver smbd_audit[22624]: [2022/04/19
11:36:16.569489, 0] ../../lib/util/fault.c:164(smb_panic_log)
dub 19 11:36:16 fileserver smbd_audit[22624]: If you are running a
recent Samba version, and if you think this problem is not yet fixed in
the latest versions, please consider reporting this bug, see
https://wiki.samba.org/index.php/Bug_Reporting
dub 19 11:36:16 fileserver smbd_audit[22624]: [2022/04/19
11:36:16.569518, 0] ../../lib/util/fault.c:169(smb_panic_log)
dub 19 11:36:16 fileserver smbd_audit[22624]:
===============================================================
dub 19 11:36:16 fileserver smbd_audit[22624]: [2022/04/19
11:36:16.569543, 0] ../../lib/util/fault.c:170(smb_panic_log)
dub 19 11:36:16 fileserver smbd_audit[22624]: PANIC (pid 22624): lock
order violation in 4.13.13-Debian
dub 19 11:36:16 fileserver smbd_audit[22618]: [2022/04/19
11:36:16.569902, 0]
../../source3/locking/share_mode_lock.c:980(share_mode_lock_destructor)
dub 19 11:36:16 fileserver smbd_audit[22618]:
share_mode_lock_destructor: g_lock_unlock failed: NT_STATUS_NOT_FOUND
dub 19 11:36:16 fileserver smbd_audit[22618]: [2022/04/19
11:36:16.569949, 0] ../../lib/util/fault.c:159(smb_panic_log)
dub 19 11:36:16 fileserver smbd_audit[22618]:
===============================================================
dub 19 11:36:16 fileserver smbd_audit[22618]: [2022/04/19
11:36:16.569980, 0] ../../lib/util/fault.c:160(smb_panic_log)
dub 19 11:36:16 fileserver smbd_audit[22618]: INTERNAL ERROR: Could
not unlock share mode
dub 19 11:36:16 fileserver smbd_audit[22618]: in pid 22618
(4.13.13-Debian)
dub 19 11:36:16 fileserver smbd_audit[22624]: [2022/04/19
11:36:16.570016, 0] ../../lib/util/fault.c:274(log_stack_trace)
dub 19 11:36:16 fileserver smbd_audit[22618]: [2022/04/19
11:36:16.570025, 0] ../../lib/util/fault.c:164(smb_panic_log)
dub 19 11:36:16 fileserver smbd_audit[22624]: BACKTRACE: 30 stack frames:
dub 19 11:36:16 fileserver smbd_audit[22618]: If you are running a
recent Samba version, and if you think this problem is not yet fixed in
the latest versions, please consider reporting this bug, see
https://wiki.samba.org/index.php/Bug_Reporting
dub 19 11:36:16 fileserver smbd_audit[22624]: #0
/usr/lib/i386-linux-gnu/libsamba-util.so.0(log_stack_trace+0x30)
[0xb7b4e140]
dub 19 11:36:16 fileserver smbd_audit[22618]: [2022/04/19
11:36:16.570062, 0] ../../lib/util/fault.c:169(smb_panic_log)
dub 19 11:36:16 fileserver smbd_audit[22624]: #1
/usr/lib/i386-linux-gnu/libsamba-util.so.0(smb_panic_log+0x76) [0xb7b4e296]
dub 19 11:36:16 fileserver smbd_audit[22618]:
===============================================================
dub 19 11:36:16 fileserver smbd_audit[22624]: #2
/usr/lib/i386-linux-gnu/libsamba-util.so.0(smb_panic+0x31) [0xb7b4e431]
dub 19 11:36:16 fileserver smbd_audit[22618]: [2022/04/19
11:36:16.570099, 0] ../../lib/util/fault.c:170(smb_panic_log)
dub 19 11:36:16 fileserver smbd_audit[22624]: #3
/usr/lib/i386-linux-gnu/samba/libdbwrap.so.0(dbwrap_lock_order_unlock+0xd8)
[0xb75a40f8]
dub 19 11:36:16 fileserver smbd_audit[22618]: PANIC (pid 22618): Could
not unlock share mode
dub 19 11:36:16 fileserver smbd_audit[22618]: in 4.13.13-Debian
dub 19 11:36:16 fileserver smbd_audit[22624]: #4
/usr/lib/i386-linux-gnu/samba/liblibsmb.so.0(g_lock_unlock+0xb5)
[0xb71645c5]
dub 19 11:36:16 fileserver smbd_audit[22624]: #5
/usr/lib/i386-linux-gnu/samba/libsmbd-base.so.0(get_share_mode_lock+0x2be)
[0xb7c418ae]
dub 19 11:36:16 fileserver smbd_audit[22624]: #6
/usr/lib/i386-linux-gnu/samba/libsmbd-base.so.0(get_existing_share_mode_lock+0x36)
[0xb7c35b26]
dub 19 11:36:16 fileserver smbd_audit[22624]: #7
/usr/lib/i386-linux-gnu/samba/libsmbd-base.so.0(+0x20887e) [0xb7dc487e]
dub 19 11:36:16 fileserver smbd_audit[22624]: #8
/usr/lib/i386-linux-gnu/samba/liblibsmb.so.0(+0x3b06e) [0xb716f06e]
dub 19 11:36:16 fileserver smbd_audit[22624]: #9
/usr/lib/i386-linux-gnu/samba/liblibsmb.so.0(+0x3c221) [0xb7170221]
dub 19 11:36:16 fileserver smbd_audit[22624]: #10
/usr/lib/i386-linux-gnu/samba/libmessages-dgm.so.0(+0x587a) [0xb733987a]
dub 19 11:36:16 fileserver smbd_audit[22624]: #11
/usr/lib/i386-linux-gnu/samba/libmessages-dgm.so.0(+0x3a91) [0xb7337a91]
dub 19 11:36:16 fileserver smbd_audit[22624]: #12
/usr/lib/i386-linux-gnu/samba/libmessages-dgm.so.0(+0x3ca8) [0xb7337ca8]
dub 19 11:36:16 fileserver smbd_audit[22624]: #13
/usr/lib/i386-linux-gnu/libtevent.so.0(tevent_common_invoke_fd_handler+0x78)
[0xb77d1878]
dub 19 11:36:16 fileserver smbd_audit[22624]: #14
/usr/lib/i386-linux-gnu/libtevent.so.0(+0xd1e8) [0xb77d81e8]
dub 19 11:36:16 fileserver smbd_audit[22624]: #15
/usr/lib/i386-linux-gnu/libtevent.so.0(+0xb1f2) [0xb77d61f2]
dub 19 11:36:16 fileserver smbd_audit[22624]: #16
/usr/lib/i386-linux-gnu/libtevent.so.0(_tevent_loop_once+0x84) [0xb77d0f94]
dub 19 11:36:16 fileserver smbd_audit[22624]: #17
/usr/lib/i386-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x2a)
[0xb77d121a]
dub 19 11:36:16 fileserver smbd_audit[22624]: #18
/usr/lib/i386-linux-gnu/libtevent.so.0(+0xb182) [0xb77d6182]
dub 19 11:36:16 fileserver smbd_audit[22624]: #19
/usr/lib/i386-linux-gnu/samba/libsmbd-base.so.0(smbd_process+0x8e3)
[0xb7d80343]
dub 19 11:36:16 fileserver smbd_audit[22624]: #20
/usr/sbin/smbd(+0xe040) [0x44c040]
dub 19 11:36:16 fileserver smbd_audit[22624]: #21
/usr/lib/i386-linux-gnu/libtevent.so.0(tevent_common_invoke_fd_handler+0x78)
[0xb77d1878]
dub 19 11:36:16 fileserver smbd_audit[22624]: #22
/usr/lib/i386-linux-gnu/libtevent.so.0(+0xd1e8) [0xb77d81e8]
dub 19 11:36:16 fileserver smbd_audit[22624]: #23
/usr/lib/i386-linux-gnu/libtevent.so.0(+0xb1f2) [0xb77d61f2]
dub 19 11:36:16 fileserver smbd_audit[22624]: #24
/usr/lib/i386-linux-gnu/libtevent.so.0(_tevent_loop_once+0x84) [0xb77d0f94]
dub 19 11:36:16 fileserver smbd_audit[22624]: #25
/usr/lib/i386-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x2a)
[0xb77d121a]
dub 19 11:36:16 fileserver smbd_audit[22624]: #26
/usr/lib/i386-linux-gnu/libtevent.so.0(+0xb182) [0xb77d6182]
dub 19 11:36:16 fileserver smbd_audit[22624]: #27
/usr/sbin/smbd(main+0x2275) [0x4451c5]
dub 19 11:36:16 fileserver smbd_audit[22624]: #28
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0x106) [0xb75cee46]
dub 19 11:36:16 fileserver smbd_audit[22624]: #29
/usr/sbin/smbd(_start+0x31) [0x4453b1]
dub 19 11:36:16 fileserver smbd_audit[22624]: [2022/04/19
11:36:16.570463, 0] ../../source3/lib/util.c:838(smb_panic_s3)
dub 19 11:36:16 fileserver smbd_audit[22624]: smb_panic(): calling
panic action [/usr/share/samba/panic-action 22624]
dub 19 11:36:16 fileserver smbd_audit[22618]: [2022/04/19
11:36:16.570674, 0] ../../lib/util/fault.c:274(log_stack_trace)
dub 19 11:36:16 fileserver smbd_audit[22618]: BACKTRACE: 29 stack frames:
dub 19 11:36:16 fileserver smbd_audit[22618]: #0
/usr/lib/i386-linux-gnu/libsamba-util.so.0(log_stack_trace+0x30)
[0xb7b4e140]
dub 19 11:36:16 fileserver smbd_audit[22618]: #1
/usr/lib/i386-linux-gnu/libsamba-util.so.0(smb_panic_log+0x76) [0xb7b4e296]
dub 19 11:36:16 fileserver smbd_audit[22618]: #2
/usr/lib/i386-linux-gnu/libsamba-util.so.0(smb_panic+0x31) [0xb7b4e431]
dub 19 11:36:16 fileserver smbd_audit[22618]: #3
/usr/lib/i386-linux-gnu/samba/libsmbd-base.so.0(+0x83287) [0xb7c3f287]
dub 19 11:36:16 fileserver smbd_audit[22618]: #4
/usr/lib/i386-linux-gnu/libtalloc.so.2(+0x36ec) [0xb77e56ec]
dub 19 11:36:16 fileserver smbd_audit[22618]: #5
/usr/lib/i386-linux-gnu/samba/libsmbd-base.so.0(+0x1a20d0) [0xb7d5e0d0]
dub 19 11:36:16 fileserver smbd_audit[22618]: #6
/usr/lib/i386-linux-gnu/samba/libsmbd-base.so.0(create_file_default+0x35c)
[0xb7d5f5dc]
dub 19 11:36:16 fileserver smbd_audit[22618]: #7
/usr/lib/i386-linux-gnu/samba/libsmbd-base.so.0(+0xbc819) [0xb7c78819]
dub 19 11:36:16 fileserver smbd_audit[22618]: #8
/usr/lib/i386-linux-gnu/samba/libsmbd-base.so.0(smb_vfs_call_create_file+0xf8)
[0xb7d66ca8]
dub 19 11:36:16 fileserver smbd_audit[22618]: #9
/usr/lib/i386-linux-gnu/samba/libsmbd-base.so.0(smbd_smb2_request_process_create+0xcc6)
[0xb7d9d166]
dub 19 11:36:16 fileserver smbd_audit[22618]: #10
/usr/lib/i386-linux-gnu/samba/libsmbd-base.so.0(smbd_smb2_request_dispatch+0xf18)
[0xb7d93508]
dub 19 11:36:16 fileserver smbd_audit[22618]: #11
/usr/lib/i386-linux-gnu/samba/libsmbd-base.so.0(+0x1d807c) [0xb7d9407c]
dub 19 11:36:16 fileserver smbd_audit[22618]: #12
/usr/lib/i386-linux-gnu/libtevent.so.0(tevent_common_invoke_fd_handler+0x78)
[0xb77d1878]
dub 19 11:36:16 fileserver smbd_audit[22618]: #13
/usr/lib/i386-linux-gnu/libtevent.so.0(+0xd1e8) [0xb77d81e8]
dub 19 11:36:16 fileserver smbd_audit[22618]: #14
/usr/lib/i386-linux-gnu/libtevent.so.0(+0xb1f2) [0xb77d61f2]
dub 19 11:36:16 fileserver smbd_audit[22618]: #15
/usr/lib/i386-linux-gnu/libtevent.so.0(_tevent_loop_once+0x84) [0xb77d0f94]
dub 19 11:36:16 fileserver smbd_audit[22618]: #16
/usr/lib/i386-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x2a)
[0xb77d121a]
dub 19 11:36:16 fileserver smbd_audit[22618]: #17
/usr/lib/i386-linux-gnu/libtevent.so.0(+0xb182) [0xb77d6182]
dub 19 11:36:16 fileserver smbd_audit[22618]: #18
/usr/lib/i386-linux-gnu/samba/libsmbd-base.so.0(smbd_process+0x8e3)
[0xb7d80343]
dub 19 11:36:16 fileserver smbd_audit[22618]: #19
/usr/sbin/smbd(+0xe040) [0x44c040]
dub 19 11:36:16 fileserver smbd_audit[22618]: #20
/usr/lib/i386-linux-gnu/libtevent.so.0(tevent_common_invoke_fd_handler+0x78)
[0xb77d1878]
dub 19 11:36:16 fileserver smbd_audit[22618]: #21
/usr/lib/i386-linux-gnu/libtevent.so.0(+0xd1e8) [0xb77d81e8]
dub 19 11:36:16 fileserver smbd_audit[22618]: #22
/usr/lib/i386-linux-gnu/libtevent.so.0(+0xb1f2) [0xb77d61f2]
dub 19 11:36:16 fileserver smbd_audit[22618]: #23
/usr/lib/i386-linux-gnu/libtevent.so.0(_tevent_loop_once+0x84) [0xb77d0f94]
dub 19 11:36:16 fileserver smbd_audit[22618]: #24
/usr/lib/i386-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x2a)
[0xb77d121a]
dub 19 11:36:16 fileserver smbd_audit[22618]: #25
/usr/lib/i386-linux-gnu/libtevent.so.0(+0xb182) [0xb77d6182]
dub 19 11:36:16 fileserver smbd_audit[22618]: #26
/usr/sbin/smbd(main+0x2275) [0x4451c5]
dub 19 11:36:16 fileserver smbd_audit[22618]: #27
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0x106) [0xb75cee46]
dub 19 11:36:16 fileserver smbd_audit[22618]: #28
/usr/sbin/smbd(_start+0x31) [0x4453b1]
dub 19 11:36:16 fileserver smbd_audit[22618]: [2022/04/19
11:36:16.571049, 0] ../../source3/lib/util.c:838(smb_panic_s3)
dub 19 11:36:16 fileserver smbd_audit[22618]: smb_panic(): calling
panic action [/usr/share/samba/panic-action 22618]
dub 19 11:36:17 fileserver smbd_audit[22618]: [2022/04/19
11:36:17.540353, 0] ../../source3/lib/util.c:845(smb_panic_s3)
dub 19 11:36:17 fileserver smbd_audit[22618]: smb_panic(): action
returned status 0
dub 19 11:36:17 fileserver smbd_audit[22618]: [2022/04/19
11:36:17.540437, 0] ../../source3/lib/dumpcore.c:315(dump_core)
dub 19 11:36:17 fileserver smbd_audit[22618]: dumping core in
/var/log/samba/cores/smbd
dub 19 11:36:17 fileserver smbd_audit[22618]:
dub 19 11:36:17 fileserver smbd_audit[22624]: [2022/04/19
11:36:17.541866, 0] ../../source3/lib/util.c:845(smb_panic_s3)
dub 19 11:36:17 fileserver smbd_audit[22624]: smb_panic(): action
returned status 0
dub 19 11:36:17 fileserver smbd_audit[22624]: [2022/04/19
11:36:17.541940, 0] ../../source3/lib/dumpcore.c:315(dump_core)
dub 19 11:36:17 fileserver smbd_audit[22624]: dumping core in
/var/log/samba/cores/smbd
Due to massive process killing (panic action) it is very slow to get to
shares and work with them. I have 5-9 panic mail per minute :-(
I already try to stop samba, delete all *.tdb files from /run/samba.
After samba start they succesfully created again. But it not helping.
I added part :
oplocks = False
level2 oplocks = False
to some shares and it helped. These shares works as fast as usual but
processes are still panicing.
Due to this server is virtualized, I move it to another physical server
to test HW problem. Still panic action. So not HW problem.
I founded similar problem on
https://forums.debian.net/viewtopic.php?f=10&t=151765 but there is no
solution.
Do you have any advise what to do?
I really appreciate your help.
-- Package-specific info:
* /etc/samba/smb.conf present, and attached
* /var/lib/samba/dhcp.conf not present
-- System Information:
Debian Release: 11.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: i386 (i686)
Kernel: Linux 5.10.0-13-686-pae (SMP w/4 CPU threads)
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8), LANGUAGE
not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages samba depends on:
ii adduser 3.118
ii dpkg 1.20.9
ii init-system-helpers 1.60
ii libbsd0 0.11.3-1
ii libc6 2.31-13+deb11u3
ii libgnutls30 3.7.1-5
ii libldb2 2:2.2.3-2~deb11u1
ii libpam-modules 1.4.0-9+deb11u1
ii libpam-runtime 1.4.0-9+deb11u1
ii libpopt0 1.18-2
ii libpython3.9 3.9.2-1
ii libtalloc2 2.3.1-2+b1
ii libtasn1-6 4.16.0-2
ii libtdb1 1.4.3-1+b1
ii libtevent0 0.10.2-1
ii libwbclient0 2:4.13.13+dfsg-1~deb11u3
ii lsb-base 11.1.0
ii procps 2:3.3.17-5
ii python3 3.9.2-3
ii python3-dnspython 2.0.0-1
ii python3-samba 2:4.13.13+dfsg-1~deb11u3
ii samba-common 2:4.13.13+dfsg-1~deb11u3
ii samba-common-bin 2:4.13.13+dfsg-1~deb11u3
ii samba-libs 2:4.13.13+dfsg-1~deb11u3
ii tdb-tools 1.4.3-1+b1
Versions of packages samba recommends:
ii attr 1:2.4.48-6
ii logrotate 3.18.0-2
ii python3-markdown 3.3.4-1
ii samba-dsdb-modules 2:4.13.13+dfsg-1~deb11u3
ii samba-vfs-modules 2:4.13.13+dfsg-1~deb11u3
Versions of packages samba suggests:
pn bind9 <none>
pn bind9utils <none>
pn ctdb <none>
pn ldb-tools <none>
ii ntp 1:4.2.8p15+dfsg-1
ii smbldap-tools 0.9.11-2
pn ufw <none>
ii winbind 2:4.13.13+dfsg-1~deb11u3
-- debconf information:
samba-common/title:
samba/run_mode: daemons
samba/generate_smbpasswd: true
#======================= Global Settings =======================
[global]
security = ADS
workgroup = ZSHLOUBETIN
realm = ZSHLOUBETIN.ZSHLOUBETIN.CZ
netbios name = FILESERVER
# local master = yes
# preferred master = yes
# domain master = yes
# idmap_ldb:use rfc2307 = yes
#### Debugging/Accounting ####
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
log level = 1
# Cap the size of the individual log files (in KiB).
max log size = 50000
# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
# syslog only = no
# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
# syslog = 0
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
#socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072
SO_SNDBUF=131072 SO_KEEPALIVE
time server = Yes
Dos charset = 852
Unix charset = UTF-8
preserve case = Yes
short preserve case = Yes
case sensitive = no
map acl inherit = Yes
hide unreadable = Yes
nt acl support = yes
store dos attributes = yes
unix extensions = no
# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash
# Important: The ranges of the default (*) idmap config
# and the domain(s) must not overlap!
# Default idmap config used for BUILTIN and local windows accounts/groups
idmap config *:backend = tdb
idmap config *:range = 70001-80000
# idmap config for domain
idmap config ZSHLOUBETIN:backend = ad
idmap config ZSHLOUBETIN:schema_mode = rfc2307
#idmap config ZSHLOUBETIN:range = 90000-9999999
idmap config ZSHLOUBETIN:range = 200-60000
idmap config ZSHLOUBETIN:unix_nss_info = yes
# Use settings from AD for login shell and home directory
#winbind nss info = rfc2307
#winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
winbind offline logon = yes
template homedir = /home/%U
#template shell = /bin/bash
# nechceme tisknout
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
hostname lookups = Yes
usershare path=
#======================= Share Definitions =======================
[homes]
comment = Home Directories
browseable = no
# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
read only = no
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0700
# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0700
# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# The following parameter makes sure that only "username" can connect
# to \\server\username
# This might need tweaking when using external authentication schemes
valid users = %S
hide files = /desktop.ini/$RECYCLE.BIN/
follow symlinks = yes
wide links = yes
# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
[netlogon]
comment = Network Logon Service
path = /home/group/netlogon
guest ok = yes
read only = yes
browseable = no
# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
[profiles]
comment = Users profiles
path = /home/%U/profiles
guest ok = no
browseable = no
create mask = 0600
directory mask = 0700
follow symlinks = yes
wide links = yes
;[printers]
; comment = All Printers
; browseable = no
; path = /var/spool/samba
; printable = yes
; guest ok = no
; read only = yes
; create mask = 0700
# Windows clients look for this share name as a source of downloadable
# printer drivers
;[print$]
; comment = Printer Drivers
; path = /var/lib/samba/printers
; browseable = yes
; read only = yes
; guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
; write list = root, @lpadmin
# A sample share for sharing your CD-ROM with others.
;[cdrom]
; comment = Samba server's CD-ROM
; read only = yes
; locking = no
; path = /cdrom
; guest ok = yes
# The next two parameters show how to auto-mount a CD-ROM when the
# cdrom share is accesed. For this to work /etc/fstab must contain
# an entry like this:
#
# /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
# is mounted on /cdrom
#
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom
[public]
comment = Public Stuff
path = /home/group/public
valid users = @ucitele
write list = @ucitele administrator
force create mode = 0666
force directory mode = 0777
; recycler
vfs object = recycle full_audit
recycle:repository = .deleted/%U
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = No
recycle:maxsize = 100000000
recycle:exclude = *.tmp,*.temp
; audit
full_audit:failure = connect disconnect open pwrite mkdirat unlinkat fstat
full_audit:success = mkdirat renameat unlinkat open pwrite connect disconnect
full_audit:prefix = %u|%I|%m|%S
full_audit:facility = LOCAL7
full_audit:priority = NOTICE
[install]
comment = Instalacky
path = /home/group/install
public = yes
writeable = yes
printable = no
write list = @Administrators
force create mode = 0665
force directory mode = 0775
[ucitele]
comment = Ucitele
path = /home/group/ucitele
public = yes
writeable = yes
printable = no
; write list = @ucitele
force create mode = 0660
force directory mode = 0770
; recycler
vfs object = recycle full_audit
recycle:repository = .deleted/%U
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = No
recycle:maxsize = 100000000
recycle:exclude = *.tmp,*.temp
; audit
full_audit:failure = connect disconnect open pwrite mkdirat unlinkat fstat
full_audit:success = mkdirat renameat unlinkat open pwrite connect disconnect
full_audit:prefix = %u|%I|%m|%S
full_audit:facility = LOCAL7
full_audit:priority = NOTICE
[vyuka_soft]
comment = Vyukovy Software
path = /home/group/vyuka_soft
writeable = yes
printable = no
force create mode = 0640
force directory mode = 0750
; recycler
vfs object = recycle full_audit
recycle:repository = .deleted/%U
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = No
recycle:maxsize = 100000000
recycle:exclude = *.tmp,*.temp
; audit
full_audit:failure = connect disconnect open pwrite mkdirat unlinkat fstat
full_audit:success = mkdirat renameat unlinkat open pwrite connect disconnect
full_audit:prefix = %u|%I|%m|%S
full_audit:facility = LOCAL7
full_audit:priority = NOTICE
[vyuka_data]
comment = Vyuka Data
path = /home/group/vyuka_data
writeable = yes
printable = no
force create mode = 0660
force directory mode = 0770
; recycler
vfs object = recycle full_audit
recycle:repository = .deleted/%U
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = No
recycle:maxsize = 100000000
recycle:exclude = *.tmp,*.temp
; audit
full_audit:failure = connect disconnect open pwrite mkdirat unlinkat fstat
full_audit:success = mkdirat renameat unlinkat open pwrite connect disconnect
full_audit:prefix = %u|%I|%m|%S
full_audit:facility = LOCAL7
full_audit:priority = NOTICE
[management]
comment = Vedeni Skoly
path = /home/group/management
writeable = yes
printable = no
force create mode = 0660
force directory mode = 0770
; recycler
vfs object = recycle full_audit
recycle:repository = .deleted/%U
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = No
recycle:maxsize = 100000000
recycle:exclude = *.tmp,*.temp
; audit
full_audit:failure = connect disconnect open pwrite mkdirat unlinkat fstat
full_audit:success = mkdirat renameat unlinkat open pwrite connect disconnect
full_audit:prefix = %u|%I|%m|%S
full_audit:facility = LOCAL7
full_audit:priority = NOTICE
[ucto]
comment = ucetnictvi a veci okolo
path = /home/group/ucto
writeable = yes
printable = no
force create mode = 0660
force directory mode = 0770
; recycler
vfs object = recycle full_audit
recycle:repository = .deleted/%U
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = No
recycle:maxsize = 100000000
recycle:exclude = *.tmp,*.temp
; audit
full_audit:failure = connect disconnect open pwrite mkdirat unlinkat fstat
full_audit:success = mkdirat renameat unlinkat open pwrite connect disconnect
full_audit:prefix = %u|%I|%m|%S
full_audit:facility = LOCAL7
full_audit:priority = NOTICE
[bakalari]
comment = Bakalari
path = /home/group/bakalari
writeable = yes
printable = no
valid users = @bakalari @ucitele
force create mode = 0770
force directory mode = 0770
force group = bakalari
; recycler
vfs object = recycle full_audit
recycle:repository = .deleted/%U
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = No
recycle:maxsize = 100000000
recycle:exclude = *.tmp,*.temp
; audit
full_audit:failure = connect disconnect open pwrite mkdirat unlinkat fstat
full_audit:success = mkdirat renameat unlinkat open pwrite connect disconnect
full_audit:prefix = %u|%I|%m|%S
full_audit:facility = LOCAL7
full_audit:priority = NOTICE
oplocks = False
level2 oplocks = False
[jidelna]
comment = Jidelna
path = /home/group/jidelna
writeable = yes
printable = no
force create mode = 0660
force directory mode = 0770
force group = jidelna
valid users = @jidelna
write list = @jidelna
; recycler
vfs object = recycle full_audit
recycle:repository = .deleted/%U
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = No
recycle:maxsize = 100000000
recycle:exclude = *.tmp,*.temp
; audit
full_audit:failure = connect disconnect open pwrite mkdirat unlinkat fstat
full_audit:success = mkdirat renameat unlinkat open pwrite connect disconnect
full_audit:prefix = %u|%I|%m|%S
full_audit:facility = LOCAL7
full_audit:priority = NOTICE
oplocks = False
level2 oplocks = False
[userdata]
comment = data uzivatelu
path = /home/
read only = no
browseable = no
--- End Message ---
--- Begin Message ---
Source: samba
Source-Version: 2:4.13.13+dfsg-1~deb11u4
Done: Michael Tokarev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated samba package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 28 May 2022 22:52:59 +0300
Source: samba
Architecture: source
Version: 2:4.13.13+dfsg-1~deb11u4
Distribution: bullseye-proposed-updates
Urgency: medium
Maintainer: Debian Samba Maintainers <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 953530 998423 999876 1001053 1004691 1005642 1006935 1009855
Changes:
samba (2:4.13.13+dfsg-1~deb11u4) bullseye-proposed-updates; urgency=medium
.
* fix the order of everything during build by exporting PYTHONHASHSEED=1
for waf. This should fix the broken i386 build of the last security
upload. Closes: #1006935, #1009855
* Import the left-over patches from 4.13.17 upstream stable branch:
- s3-winbindd-fix-allow-trusted-domains-no-regression.patch
https://bugzilla.samba.org/show_bug.cgi?id=14899
Closes: #999876, winbind fails to start with `allow trusted domains: no`
- IPA-DC-add-missing-checks.patch
https://bugzilla.samba.org/show_bug.cgi?id=14903
- CVE-2020-25717-s3-auth-fix-MIT-Realm-regression.patch
https://bugzilla.samba.org/show_bug.cgi?id=14922
Closes: #1001053, MIT-kerberos auth broken after 4.13.13+dfsg-1~deb11u2
- dsdb-Use-DSDB_SEARCH_SHOW_EXTENDED_DN-when-searching.patch
https://bugzilla.samba.org/show_bug.cgi?id=14656
https://bugzilla.samba.org/show_bug.cgi?id=14902
- s3-smbd-Fix-mkdir-race-condition-allows-share-escape.patch
https://bugzilla.samba.org/show_bug.cgi?id=13979
Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape
* 4 patches from upstream to fix possible serious data corruption issue
with windows client cache poisoning, Closes: #1005642
https://bugzilla.samba.org/show_bug.cgi?id=14928
* two patches from upstream to fix coredump when connecting to shares
with var substitutions, Closes: #998423
https://bugzilla.samba.org/show_bug.cgi?id=14809
* samba-common-bin.postinst: mkdir /run/samba before invoking samba binaries
Closes: #953530
* remove file creation+deletion from previously applied combined patches
CVE-2021-23192-only-4.13-v2.patch & CVE-2021-3738-dsdb-crash-4.13-v03.patch
to make patch deapply happy (quilt does not notice this situation)
* d/salsa-ci.yml: target bullseye
Checksums-Sha1:
0ca51aa2da29720bbd031f3312a2cd9b1510e2e1 4034 samba_4.13.13+dfsg-1~deb11u4.dsc
3a47efcafa28d4822f1255a013a5f6e969c08fd9 473752
samba_4.13.13+dfsg-1~deb11u4.debian.tar.xz
5fdee37732717fb03c62f3a1192e362e33d9dfd1 8990
samba_4.13.13+dfsg-1~deb11u4_source.buildinfo
Checksums-Sha256:
8a73f505c06f019493f5f072849883f91225d153dc04cf29b0c842db95f2f122 4034
samba_4.13.13+dfsg-1~deb11u4.dsc
400ee978570b9e4660504dd78134cc48c49976f7779c0d91d50759194fdb577b 473752
samba_4.13.13+dfsg-1~deb11u4.debian.tar.xz
acd609e8ea1a52aae286c1b4c8627786fc8e942318ab37aaf1647441929933e9 8990
samba_4.13.13+dfsg-1~deb11u4_source.buildinfo
Files:
a6145bfa833244fe4cb634424a6788a0 4034 net optional
samba_4.13.13+dfsg-1~deb11u4.dsc
608b6314448bc0d7caf365567f1ceade 473752 net optional
samba_4.13.13+dfsg-1~deb11u4.debian.tar.xz
a91c6e2d38554116a6032357bb70bcdd 8990 net optional
samba_4.13.13+dfsg-1~deb11u4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmKSfjIPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5ZNgUH/0jEPHRjiCZG3HXAYsOvT4W8c++knegy0qEM
GWJen2oFCCNQQCGcxzATDPOk2YuzFjgWBnvxsTKDqPXtZCZxIomzr/rAmf5UmIc6
y2Qlbl9CnrgTlQbfUiUEEuvd306VDg3zff0ttsEAkiSp/PmBPpTqA2dnXZuPfnZo
l/3xfq936EdjeTaHAsZkerH5+4W34W8ZM2PqGJ2gjWGCfWaK450UAWJIMEFK6hFB
8SdmE4M8PmK3eEhe8bSt1IRoYS0/juTRdpaZnP5dJ9qSiDy9Rf5zk4YQjFTAoTJP
+giD8JgtrzCcoQ1GSy2N6TuulsG1ipafxSpYg9he/J6FT79qS8U=
=ssEN
-----END PGP SIGNATURE-----
--- End Message ---
