[SOLVED] CentOS 7.4 (1708) - Shared folder access

Bug
31

Hi
So far I was very happy with Nethserver, moving from 7+ years of using SME Server.
I updated 5 Servers yesterday about an hour BEFORE the warning went out.
OK, I could revert two running as KVM VMs on Proxmox.
My own Server and 2 others didn’t have the revert option, either due to Hardware, not VM or too much data loss.
I do know the yum history and undo option from SME, but that didn’t work in the simplest case of mine…

I’m a bit worried about the two servers I rebooted. They now have the read-only filesystem. ;-(
-> I’ve fixed this according to the Error after update recreating AD instructions, this works so far. Samba is still not working.

In my opinion, the not-rebooted servers have the greatest chance of recovery.
I do have backups, but what happens after fresh install, restore? Nethserver installs the missing packages but does it update?

Let’s hope the Red-Hatters have a solution soon… :wink:

Nethserver is a good server, i’d like to use it further…

Cheers from Switzerland!
Andy

32

Thank you for confirming @dnutan, to be safe I reverted my Nethserver to the backup I took before upgrading (So glad I use nethserver as a virtual!). I really need to get my dev system setup again so I can test before prod upgrades.

Thanks!

33

Done! :wink:

A fix is out, in testing repository.

Sadly yes, upstream has replaced 7.3 repository with 7.4.

But I’m also trying to find a workaround at yum level.

34

Maybe this could help

35

My case:
I don’t have Samba (samba ad or shared folders) installed on my test server but from Software Center and yum samba is required to update.
My test server was installed about week ago and now I have maybe 250+ packages to upgrade.
If you say that there is a problem with samba maybe this could help

yum update --exclude=samba,libwbclient,libsmbclient**

this could prevent to update samba but i don’t know how it would behave with sssd packages and other dependiences…

36

Do not test on production!
Possible workaround for samba in a local AD:

cd
mkdir rpms
cd rpms/

# note: a multi-line command follows
wget ftp://fr2.rpmfind.net/linux/centos/7.3.1611/updates/x86_64/Packages/samba-4.4.4-14.el7_3.x86_64.rpm \
ftp://fr2.rpmfind.net/linux/centos/7.3.1611/updates/x86_64/Packages/samba-{client,client-libs,common-libs,common-tools,libs}-4.4.4-14.el7_3.x86_64.rpm \
ftp://fr2.rpmfind.net/linux/centos/7.3.1611/updates/x86_64/Packages/samba-common-4.4.4-14.el7_3.noarch.rpm \
ftp://fr2.rpmfind.net/linux/centos/7.3.1611/updates/x86_64/Packages/libsmbclient-4.4.4-14.el7_3.x86_64.rpm \
ftp://fr2.rpmfind.net/linux/centos/7.3.1611/updates/x86_64/Packages/libwbclient-4.4.4-14.el7_3.x86_64.rpm \
ftp://fr2.rpmfind.net/linux/centos/7.3.1611/os/x86_64/Packages/libtevent-0.9.28-1.el7.x86_64.rpm \
ftp://fr2.rpmfind.net/linux/centos/7.3.1611/updates/x86_64/Packages/sssd-libwbclient-1.14.0-43.el7_3.18.x86_64.rpm

yum downgrade ./*.rpm
rm /etc/alternatives/libwbclient.so.0.13-64
signal-event nethserver-samba-update
cd
rm -r rpms/    # add -f option to force removal without confirmation (use with care)
10 Likes
37

Thank you @dnutan
I can confirm this works and recovered a production samba AD system.

Just to recap on the issue

  1. Samba modified (upstream decision)
  2. CentOS upgraded to 7.4 (upstream decision)
  3. Access to previous repositories closed and therefore blocking yum downgrade
  4. Configuration backup unable to return the system to working state, probably due to the line above.

The question is why? And what do we have to do not to be caught/trapped again by an upstream decision?

1 Like
38

Thanks @dnutan!

Shares working again with ACLs on my test VMs…

1 Like
39

Thanks @dnutan

Just made sure:

Coffein level in system: OK
Rollback by duntan: Ready
Go !

And two production systems back running!

Thanks to all!

1 Like
40

Therefore… if i am not using any kind of account provider… i can safely upgrade/update?

41

Yes.
But if you have have nethserver-samba installed, make sure to get the latest package which fix the read-only filesystem issue.

42

Still not installed. Therefore… yum update right now.

43

Thank you @dnutan for the great workaround!

I did a bit of research and this is what I’ve found:

  • the bug is not present if AD and Samba re installed on a clean NethServer 7.4
  • the Fedora patch works

I’ve create a new sssd-libwbclient patched RPM.
Please, be sure to update everything from CentOS updates repository, than install the patch it using this commands:

yum --enablerepo=nethforge-testing update sssd-libwbclient
signal-event nethserver-samba-update

The patch works in our production environment; tested with following clients:

  • Windows 10 with AD join
  • Windows 10 without AD join
  • Nautilus on Fedora without join
  • smbclient on Fedora without join

This is the associated issue:

If everything goes well, we can release it in nethforge repository, also we will do not need anymore the vault repository.
This will bring issue-free updates for all NethServers.

Please help me test this hack! /cc @Andy_Wismer @GG_jr @mrmarkuz @compsos @des @greavette

3 Likes
44

Tested and working on:

  • non-joined GNU/Linux system (smbclient, GUI)
  • Windows 7 Pro: non-joined, joined

after resetting permissions.

45

let’s get it clear:

install fresh ns7 (without patches)
install sambaad
try to join domain
add your patch
try to join domain
??

46

The fix should work for new installation but also for currently broken ones.
So, install the patch on a new or old machine where shared folders authentication doesn’t work :slight_smile:

47

It’s working! :thumbsup:
Tested on joined/unjoined Win7/Win10 and on Raspbian with smbclient…

2 Likes
48

Can I safely upgrade my production system now or should I still wait?

49

It should be safe, we have the fix on our production server.
If nobody finds any error, I plan to release the fix tomorrow.

3 Likes
50

Ok, I’ll wait till tomorrow, just to be sure.
Thanks :slight_smile: