What are the implications for Samba and Shared Folder when RHEL roll out the fix for https://www.samba.org/samba/security/CVE-2017-14746.html?
More info (to track): Red Hat CVE-2017-14746
Adding this server min protocol = SMB2to samba conf on global section should do the trick but now i cannot check it because i don't have access to any NS7 server. Maybe its allready patched.
Samba fix for RHEL7/CentOS7 was released on November 27th, and available through usual update procedure.
New version of packages is 4.6.2-12 (for libsmbclient, libwbclient, samba* an many other).
Thanks, I saw the updates, haven't applied them yet.
Prefer to be onsite when I apply it in case something goes wrong
I'm testing it
Package Arch Version Repository Size
apr x86_64 1.4.8-3.el7_4.1 updates 103 k
curl x86_64 7.29.0-42.el7_4.1 updates 267 k
libcurl x86_64 7.29.0-42.el7_4.1 updates 219 k
libsmbclient x86_64 4.6.2-12.el7_4 updates 130 k
libwbclient x86_64 4.6.2-12.el7_4 updates 104 k
procmail x86_64 3.22-36.el7_4.1 updates 171 k
samba x86_64 4.6.2-12.el7_4 updates 633 k
samba-client x86_64 4.6.2-12.el7_4 updates 598 k
samba-client-libs x86_64 4.6.2-12.el7_4 updates 4.7 M
samba-common noarch 4.6.2-12.el7_4 updates 197 k
samba-common-libs x86_64 4.6.2-12.el7_4 updates 164 k
samba-common-tools x86_64 4.6.2-12.el7_4 updates 456 k
samba-libs x86_64 4.6.2-12.el7_4 updates 265 k
Upgrade 13 Packages
Total download size: 7.9 M
Edit: NTLM auth still works after updating upstream packages
smbclient -d 10 -U ... //IP/share
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
Cannot do GSE to an IP address
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
ntlmssp_check_packet: NTLMSSP signature OK !
Bug is still undisclosed https://bugzilla.redhat.com/show_bug.cgi?id=1514314
I don't know how it deals with old SMB1 clients... Any idea?
Also dc container should be update at least to samba 4.6.11 (maintenance mode) or 4.7.3
I think that nothing will change, SMB1 will be working as before.
No idea. Samba 4.7.0 (old) release notes said:
A the DC package is ready for testing:
yum install http://packages.nethserver.org/nethserver/7.4.1708/autobuild/x86_64/Packages/nethserver-dc-1.3.2-1.3.pr70.gfe2eff6.ns7.x86_64.rpm
I tested the update on a production server. The DC package has been released.
This topic was automatically closed after 4 days. New replies are no longer allowed.