[Pkg-samba-maint] Restoring pre Badlock CVE behavior in libsmbclient

Andrew Bartlett abartlet at samba.org
Fri Apr 29 10:07:36 UTC 2016


On Mon, 2016-04-18 at 00:04 +0000, Sam Nazarko wrote:
> Hello,
> 
> Since updating OSMC (a Debian based Linux distribution) to the latest
> version of Samba from jessie, we have noticed that guest access is no
> longer working as expected. We have also noticed that some legacy
> devices, such as Time Capsules are not working correctly.
> 
> Our smb.conf is as follows:
> 
> [global]
>     preferred master = no
>     local master = no
>     domain master = no
>     client lanman auth = yes
>     raw NTLMv2 auth = yes
>     ldap server require strong auth = no
>     lanman auth = yes
>     socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
>     lock directory = /home/osmc/.smb/
>     name resolve order = bcast host
> 
> I was hoping the addition of raw NTLMv2 auth = yes and ldap server
> require strong auth = no would suffice in restoring the old
> behaviour, but this unfortunately does not seem to be the case.
> 
> I would appreciate it if it could be made clear which settings need
> to be added to smb.conf to restore the old functionality where Debian
> can connect to Windows Samba shares as guests with no authentication.
> Presently, we seem to have several hundred users affected by this
> issue and would like to remedy it without introducing our own
> downstream library and reverting these commits.
> 
> I am not subscribed to this mailing list so I would appreciate being
> copied in on future replies. 

We expect to address this with a new release soon, as a great deal of
work has been done to fix up the regressions in the past couple of
weeks.

In the meantime, for libsmbclient use, the old packages present no
risk, and can continue to be used.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba





