Created attachment 476786 [details] upgraded samba-4.5.10 downgraded to samba-4.2.14 I recently updated two of my multiple my Gentoo-based SAMBA fileservers from 4.2.14 to 4.5.10. All of my fileservers use the same "smb.conf" file template with only "machine-specific" differences like SAMBA server interface IP addresses. After the update I found that my Windows 7 laptop, fully updated with all available MS patches, could not browse the Gentoo server running SAMBA 4.5.10. Windows constantly popped up the "Windows Security" GUI asking for security credentials. The network is "flat", only 1 subnet. Windows Active Directory is not used; I only use WINS based on a Gentoo server. There is only 1 user, "me", so I know all of the passwords. The Windows laptop was fully udpated before this Gentoo update and SAMBA shares are routinely tested/accessed. The Gentoo-based SAMBA 4.2.14 server does not exhibit the "behavior" of the samba-4.5.10 server at all. Windows browsing works fine after the downgrade. As a sidenote, my KODI PC running Debian "stretch" has SAMBA files on it with a version number of "2:4.5.8+dfsg-2". That PC can easily browse the Gentoo-based SAMBA server running 4.5.10. I can also browse the KODI PC from the Windows 7 laptop used to test the Gentoo SAMBA servers and not experience any issues at all. I have attached the "emerge" output from downgrading the 4.5.10 server back to 4.2.14. Notice the new files being added by samba-4.2.14. At least 3 files are pointed out in Gentoo BUG 619516, which is also a security issue with a CVE number. I have also attached the "ebuild" differences between 4.2.14 and 4.5.10 as seen on my Gentoo "local archive" server. What I would like to know is this: Is this behavior "by design" from the Gentoo packagers? Or, was it an "upstream" decision? Or, was it a response by Gentoo packagers to the CVE pointed out in Gentoo BUG 619516?
Created attachment 476788 [details] ebuild diff between samba-4.2.14 and samba-4.5.10
Created attachment 476790 [details] samba-4.2.14-files-in-BUG-619516
Additional comment: The "Windows Security" popup that occurs when browsing the Gentoo-based samba-4.5.10 fileserver NEVER clears up. I can click "ok" all I want but it never "resolves" (for lack of a better word). Once I click "cancel" I see the Windows app (FileCommander Portable, in my case) error out to an "error 5 access denied" dialog. I can successfully experiment directly on the Gentoo-based SAMBA fileserver using "smbclient" in the format: smbclient -U [user] [share] Perhaps this issue bisects to some difference between Gentoo's SAMBA 4.2.14 and SAMBA 4.5.10 packages; all I see are package dependency differences. Or, perhaps it tracks back something that "upstream" did differently, or "upstream" patches altered. Or the worst case might be Microsoft changing something subtle in their SMB protocols that the SAMBA developers haven't caught on to yet. I can successfully browse across the network (via CLI) between the two fileservers running different versions of SAMBA. So at least the two versions of SAMBA on Gentoo "play well together"; I already know that Gentoo SAMBA and Debian SAMBA "play well together".
I just completed a downgrade of a Gentoo-based samba-4.5.10 server to samba-4.2.14 and also sorted through the package differences. Simply put, I was able to downgrade the samba-4.5.10 package to samba-4.2.14 without downgrading the related dependencies, though samba-4.2.14 also pulled in new packages that were moved by the samba-4.5.10 upgrade. When I tested the downgraded 4.2.14 server from a 4.5.10 server using 'smbclient" I was unable to connect. I was also unable to connect without unresolved "Windows Security" popup previously described. So I went looking for other package differences and I found them in: net-libs/socket_wrapper-1.1.7 --> net-libs/socket_wrapper-1.1.6 sys-libs/tevent-0.9.31-r1 --> sys-libs/tevent-0.9.28 sys-libs/ldb-1.1.29-r1 --> sys-libs/ldb-1.1.26 --- which will add or "re-emerge".... --- net-nds/openldap-2.4.44 I have attached a text file of a more comprehensive downgrade command using "emerge". Once I downgraded these files I was able to perform a "net use" from a Windows laptop to the Gentoo-based samba-4.2.14 server. My thoughts: Are the security fixes in Gentoo BUG 619516 causing this inability to perform the "net use" problem until these libraries are downgraded?
Created attachment 476792 [details] samba-4.5.10-to-samba-4.2.14-other-package-downgrades
Please drop my name and email from this bug. I have started to move any of my Gentoo machines running SAMBA over to Debian due to "compatibility reasons" that I have outlined in this bug. Having SAMBA on Linux work for me on a daily consistent basis is more important than waiting for this bug to be fixed.
(In reply to Jeff from comment #6) > Please drop my name and email from this bug. I think that's not possible as you have opened the bug.
