[SOLVED] CentOS 7.4 (1708) - Shared folder access

giacomo · September 18, 2017, 1:23pm

Thank you @dnutan for the great workaround!

I did a bit of research and this is what I’ve found:

the bug is not present if AD and Samba re installed on a clean NethServer 7.4
the Fedora patch works

I’ve create a new sssd-libwbclient patched RPM.
Please, be sure to update everything from CentOS updates repository, than install the patch it using this commands:

yum --enablerepo=nethforge-testing update sssd-libwbclient
signal-event nethserver-samba-update

The patch works in our production environment; tested with following clients:

Windows 10 with AD join
Windows 10 without AD join
Nautilus on Fedora without join
smbclient on Fedora without join

This is the associated issue:

If everything goes well, we can release it in nethforge repository, also we will do not need anymore the vault repository.
This will bring issue-free updates for all NethServers.

Please help me test this hack! /cc @Andy_Wismer @GG_jr @mrmarkuz @compsos @des @greavette

dnutan · September 18, 2017, 2:25pm

Tested and working on:

non-joined GNU/Linux system (smbclient, GUI)
Windows 7 Pro: non-joined, joined

after resetting permissions.

des · September 18, 2017, 2:29pm

let’s get it clear:

install fresh ns7 (without patches)
install sambaad
try to join domain
add your patch
try to join domain
??

giacomo · September 18, 2017, 3:17pm

The fix should work for new installation but also for currently broken ones.
So, install the patch on a new or old machine where shared folders authentication doesn’t work

mrmarkuz · September 18, 2017, 4:10pm

It’s working!
Tested on joined/unjoined Win7/Win10 and on Raspbian with smbclient…

indra · September 19, 2017, 5:04am

Can I safely upgrade my production system now or should I still wait?

giacomo · September 19, 2017, 6:48am

It should be safe, we have the fix on our production server.
If nobody finds any error, I plan to release the fix tomorrow.

indra · September 19, 2017, 6:50am

Ok, I’ll wait till tomorrow, just to be sure.
Thanks

GG_jr · September 19, 2017, 8:48am

Tested on NS 7.3.1611 (DC-AD-FS) -> PASSED!

How I tested:

login from Win 10 Pro, non joined workstation to domain, with domain user credentials, to shared folders (user and/or guest) -> OK!
I made all updates, without reboot.
login from Win 10 Pro, non joined workstation to domain, with domain user credentials, to shared folders (user and/or guest) -> FAIL!
Reboot NS
login from Win 10 Pro, non joined workstation to domain, with domain user credentials, to shared folders (user and/or guest) -> FAIL!
installed “the patch”, whitout reboot
login from Win 10 Pro, non joined workstation to domain, with domain user credentials, to shared folders (user and/or guest) -> OK!
Reboot NS
login from Win 10 Pro, non joined workstation to domain, with domain user credentials, to shared folders (user and/or guest) -> OK!

After all tests, can we tell that we have NS 7.4?

giacomo · September 19, 2017, 8:53am

Almost! I’m preparing all repositories and start building the ISO

GG_jr · September 19, 2017, 9:06am

Congrats first to @dnutan and @giacomo and to all which have made the tests!

Good job!
Good Team!

rolf · September 19, 2017, 12:34pm

when it’s safe to upgrade, can someone please update the title of this topic? Or post another ‘pinned’ topic? Otherwise the first BIG message on this forum is NOT to upgrade, and only after reading this whole topic you realize it’s already fixed…

m.traeumner · September 19, 2017, 12:49pm

That’s a great idea,
if @giacomo is ready with his work we can change the title I think.
Something like SOLVED in front of the title.

alefattorini · September 19, 2017, 1:23pm

That’s huge man. You saved so many lives

EduardoGCorrea · September 19, 2017, 1:26pm

That works!!! I still running tests after doing the donwgrade, but the server apparently is working. Thanks. Now I am worried about next updates… And how do I solve the mess after doing manual downgrade (When the problem is solved)

dnutan · September 19, 2017, 7:17pm

Until it’s fixed upstream, there are two known solutions/workarounds:

downgrade method: unless excluded, updates will reinstall the offending packages
patched package: with a system up to date, the patched package will “override” the bugged one. Updates shouldn’t be a problem.

Once fixed upstream, updates should be hassle free on both cases. You shall look after an sssd-libwbclient package version higher than 1.15.2-50.el7_4.2.

/cc @giacomo, correct me if I’m wrong (nethserver vs upstream package naming)

fasttech · September 19, 2017, 8:43pm

I was trying to understand how this was going to go reading through this thread and was going to suggest the first thing in the first post of this thread to be exactly, step by step, for a newbie, what was needed to upgrade, but I checked the updates available in the software center using the gui and see this;

nethserver-samba-2.0.10-1.ns7.noarch     nethserver-updates
* Mon Sep 18 05:00:00 2017 Giacomo Sanchietti <giacomo.sanchietti@nethesis.it> - 2.0.10-1
- Read-only filesystem with kernel 3.10.0-693 - Bug NethServer/dev#5349

… and I see that for an unbroken, non-updated production install should be upgraded without issue from the software center.

We should still fix the thread so that the first thing someone sees is the pertinent necessary info without the need to read through the whole thread to figure out what’s going on and what to do.

my 2c

giacomo · September 20, 2017, 9:42am

You’re not wrong, but just to recap:

bugged RPM: sssd-libwbclient-1.15.2-50.el7_4.2.x86_64
patched RPM: sssd-libwbclient-1.15.2-50.el7_4.2.ns7.x86_64

I will do it

Patch released!

We just released the patched RPM inside nethforge to avoid problems for users which configured temporary frozen repositories.
Since all installations have nethforge enabled by default, everyone should get the update.
If unsure, please use following command:

yum --enablerepo=nethforge update sssd-libwbclient

Filipovic_Zoran · September 20, 2017, 9:42am

Thank you, it worked. You just saved my day