[SOLVED] CentOS 7.4 (1708) - Shared folder access

Aie…
I did an update this afternoon! :no_mouth:

Hi @giacomo and team,

I need to have this clarified. I don’t issue yum updates very often from the command line for my nethserver…but I do regularly update nethserver from the software center. Would upgrading today from the software center cause all these issues you’ve identified. Or all all these issues only for those who drop to the command line and issue yum update on their CentOS server?

Thanks!

Hi Charles, you would also have the issues when updating from software center.

3 Likes

Some others may be luckier than us but this may work for them
yum history
Note the number of the 7.4 update then
yum history undo [the noted number]
We were to far in for it to work for us.
Also if your system has read only messages in dmesg go back to the previous kernel.
We have moved data out but just down to logins failing. Other domain operations OK like adding and removing machines. Suspect it is encryption methods of the username password.
Has anyone attempted remove and rebuild the AD? Would it work?

The only verified problem right now is samba authentication, everything else should work fine.

Users wan’t be able to access authenticated shared folders.
I tried to compile a patched version off sssd but it didn’t work (Samba complained about missing symbols).
We don’t have a solution right now since we rely on upstream.

Don’t panic! :smiley: If you don’t use Samba authenticated access, you’re issue free.

Anyone upgrading samba and sssd packaged will be affected.

I just upgraded the first post, to explain better every issue and propose workarounds.

Could we change the topic of this thread to:

CentOS 7.4 - Do NOT upgrade if using samba shared folders?

Never make big changes on Friday, especially in my company where it works 24/7. it could become a nightmare!
I’m learning it at my expense and @davidep, that must give me support on Sunday.
Fortunately I saw the mega update list and came to check on the forum

3 Likes

Just to confirm, if we are using Active Directory as the local accounts provider in combination with Shared Folders, we should not upgrade?

If this is the case, would definitely recommend changing the topic name.

I always “make big changes on Friday”!
If something goes wrong, it’s plenty of time to fix everything till Monday! :grin:

I efectively don’t use Ssmba…

:wink:

Hi
So far I was very happy with Nethserver, moving from 7+ years of using SME Server.
I updated 5 Servers yesterday about an hour BEFORE the warning went out.
OK, I could revert two running as KVM VMs on Proxmox.
My own Server and 2 others didn’t have the revert option, either due to Hardware, not VM or too much data loss.
I do know the yum history and undo option from SME, but that didn’t work in the simplest case of mine…

I’m a bit worried about the two servers I rebooted. They now have the read-only filesystem. ;-(
-> I’ve fixed this according to the Error after update recreating AD instructions, this works so far. Samba is still not working.

In my opinion, the not-rebooted servers have the greatest chance of recovery.
I do have backups, but what happens after fresh install, restore? Nethserver installs the missing packages but does it update?

Let’s hope the Red-Hatters have a solution soon… :wink:

Nethserver is a good server, i’d like to use it further…

Cheers from Switzerland!
Andy

Thank you for confirming @dnutan, to be safe I reverted my Nethserver to the backup I took before upgrading (So glad I use nethserver as a virtual!). I really need to get my dev system setup again so I can test before prod upgrades.

Thanks!

Done! :wink:

A fix is out, in testing repository.

Sadly yes, upstream has replaced 7.3 repository with 7.4.

But I’m also trying to find a workaround at yum level.

Maybe this could help

My case:
I don’t have Samba (samba ad or shared folders) installed on my test server but from Software Center and yum samba is required to update.
My test server was installed about week ago and now I have maybe 250+ packages to upgrade.
If you say that there is a problem with samba maybe this could help

yum update --exclude=samba,libwbclient,libsmbclient**

this could prevent to update samba but i don’t know how it would behave with sssd packages and other dependiences…

Do not test on production!
Possible workaround for samba in a local AD:

cd
mkdir rpms
cd rpms/

# note: a multi-line command follows
wget ftp://fr2.rpmfind.net/linux/centos/7.3.1611/updates/x86_64/Packages/samba-4.4.4-14.el7_3.x86_64.rpm \
ftp://fr2.rpmfind.net/linux/centos/7.3.1611/updates/x86_64/Packages/samba-{client,client-libs,common-libs,common-tools,libs}-4.4.4-14.el7_3.x86_64.rpm \
ftp://fr2.rpmfind.net/linux/centos/7.3.1611/updates/x86_64/Packages/samba-common-4.4.4-14.el7_3.noarch.rpm \
ftp://fr2.rpmfind.net/linux/centos/7.3.1611/updates/x86_64/Packages/libsmbclient-4.4.4-14.el7_3.x86_64.rpm \
ftp://fr2.rpmfind.net/linux/centos/7.3.1611/updates/x86_64/Packages/libwbclient-4.4.4-14.el7_3.x86_64.rpm \
ftp://fr2.rpmfind.net/linux/centos/7.3.1611/os/x86_64/Packages/libtevent-0.9.28-1.el7.x86_64.rpm \
ftp://fr2.rpmfind.net/linux/centos/7.3.1611/updates/x86_64/Packages/sssd-libwbclient-1.14.0-43.el7_3.18.x86_64.rpm

yum downgrade ./*.rpm
rm /etc/alternatives/libwbclient.so.0.13-64
signal-event nethserver-samba-update
cd
rm -r rpms/    # add -f option to force removal without confirmation (use with care)
10 Likes

Thank you @dnutan
I can confirm this works and recovered a production samba AD system.

Just to recap on the issue

  1. Samba modified (upstream decision)
  2. CentOS upgraded to 7.4 (upstream decision)
  3. Access to previous repositories closed and therefore blocking yum downgrade
  4. Configuration backup unable to return the system to working state, probably due to the line above.

The question is why? And what do we have to do not to be caught/trapped again by an upstream decision?

1 Like

Thanks @dnutan!

Shares working again with ACLs on my test VMs…

1 Like

Thanks @dnutan

Just made sure:

Coffein level in system: OK
Rollback by duntan: Ready
Go !

And two production systems back running!

Thanks to all!

1 Like

Therefore… if i am not using any kind of account provider… i can safely upgrade/update?