Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#993347: samba: recent systemd update (DSA-4942-1) makes samba-ad-dc complain about PID's.
769 views
Skip to first unread message
lo...@van-belle.nl
Aug 31, 2021, 4:30:03 AM8/31/21
to
Package: samba
Version: 2:4.13.5+dfsg-2
Severity: important
X-Debbugs-Cc: lo...@van-belle.nl
Hai
current samba-ad-dc complains about Type=notify(-all)
We are getting the mssage.
Got notification message from PID xxxxx, but reception only permitted for main PID yyyy
Suspectily the update in Systemd while Bullseye was in freeze triggered above message
(see https://www.debian.org/security/2021/dsa-4942)
The fix is simple.
Change in samba-ad-dc.service Type=Notify to Type=Fork
it only effects (as far i can tell) the AD-DC setups.
-- Package-specific info:
* /etc/samba/smb.conf present, and attached
* /var/lib/samba/dhcp.conf not present
-- System Information:
Debian Release: 11.0
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-8-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages samba depends on:
ii adduser 3.118
ii dpkg 1.20.9
ii init-system-helpers 1.60
ii libbsd0 0.11.3-1
ii libc6 2.31-13
ii libgnutls30 3.7.1-5
ii libldb2 2:2.2.0-3.1
ii libpam-modules 1.4.0-9
ii libpam-runtime 1.4.0-9
ii libpopt0 1.18-2
ii libpython3.9 3.9.2-1
ii libtalloc2 2.3.1-2+b1
ii libtasn1-6 4.16.0-2
ii libtdb1 1.4.3-1+b1
ii libtevent0 0.10.2-1
ii libwbclient0 2:4.13.5+dfsg-2
ii lsb-base 11.1.0
ii procps 2:3.3.17-5
ii python3 3.9.2-3
ii python3-dnspython 2.0.0-1
ii python3-samba 2:4.13.5+dfsg-2
ii samba-common 2:4.13.5+dfsg-2
ii samba-common-bin 2:4.13.5+dfsg-2
ii samba-libs 2:4.13.5+dfsg-2
ii tdb-tools 1.4.3-1+b1
Versions of packages samba recommends:
ii attr 1:2.4.48-6
ii logrotate 3.18.0-2
ii python3-markdown 3.3.4-1
ii samba-dsdb-modules 2:4.13.5+dfsg-2
ii samba-vfs-modules 2:4.13.5+dfsg-2
Versions of packages samba suggests:
pn bind9 <none>
pn bind9utils <none>
pn ctdb <none>
pn ldb-tools <none>
pn ntp | chrony <none>
pn smbldap-tools <none>
pn ufw <none>
ii winbind 2:4.13.5+dfsg-2
-- no debconf information
Version: 2:4.13.5+dfsg-2
Severity: important
X-Debbugs-Cc: lo...@van-belle.nl
Hai
current samba-ad-dc complains about Type=notify(-all)
We are getting the mssage.
Got notification message from PID xxxxx, but reception only permitted for main PID yyyy
Suspectily the update in Systemd while Bullseye was in freeze triggered above message
(see https://www.debian.org/security/2021/dsa-4942)
The fix is simple.
Change in samba-ad-dc.service Type=Notify to Type=Fork
it only effects (as far i can tell) the AD-DC setups.
-- Package-specific info:
* /etc/samba/smb.conf present, and attached
* /var/lib/samba/dhcp.conf not present
-- System Information:
Debian Release: 11.0
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-8-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages samba depends on:
ii adduser 3.118
ii dpkg 1.20.9
ii init-system-helpers 1.60
ii libbsd0 0.11.3-1
ii libc6 2.31-13
ii libgnutls30 3.7.1-5
ii libldb2 2:2.2.0-3.1
ii libpam-modules 1.4.0-9
ii libpam-runtime 1.4.0-9
ii libpopt0 1.18-2
ii libpython3.9 3.9.2-1
ii libtalloc2 2.3.1-2+b1
ii libtasn1-6 4.16.0-2
ii libtdb1 1.4.3-1+b1
ii libtevent0 0.10.2-1
ii libwbclient0 2:4.13.5+dfsg-2
ii lsb-base 11.1.0
ii procps 2:3.3.17-5
ii python3 3.9.2-3
ii python3-dnspython 2.0.0-1
ii python3-samba 2:4.13.5+dfsg-2
ii samba-common 2:4.13.5+dfsg-2
ii samba-common-bin 2:4.13.5+dfsg-2
ii samba-libs 2:4.13.5+dfsg-2
ii tdb-tools 1.4.3-1+b1
Versions of packages samba recommends:
ii attr 1:2.4.48-6
ii logrotate 3.18.0-2
ii python3-markdown 3.3.4-1
ii samba-dsdb-modules 2:4.13.5+dfsg-2
ii samba-vfs-modules 2:4.13.5+dfsg-2
Versions of packages samba suggests:
pn bind9 <none>
pn bind9utils <none>
pn ctdb <none>
pn ldb-tools <none>
pn ntp | chrony <none>
pn smbldap-tools <none>
pn ufw <none>
ii winbind 2:4.13.5+dfsg-2
-- no debconf information
Mathieu Parent
Aug 31, 2021, 4:50:04 AM8/31/21
to
Le mar. 31 août 2021 à 10:21, lo...@van-belle.nl <lo...@van-belle.nl> a écrit :
>
> Package: samba
> Version: 2:4.13.5+dfsg-2
> Severity: important
> X-Debbugs-Cc: lo...@van-belle.nl
>
> Hai
>
> current samba-ad-dc complains about Type=notify(-all)
>
> We are getting the mssage.
> Got notification message from PID xxxxx, but reception only permitted for main PID yyyy
>
> Suspectily the update in Systemd while Bullseye was in freeze triggered above message
> (see https://www.debian.org/security/2021/dsa-4942)
>
> The fix is simple.
> Change in samba-ad-dc.service Type=Notify to Type=Fork
> it only effects (as far i can tell) the AD-DC setups.
Thanks Louis for this.
>
> Package: samba
> Version: 2:4.13.5+dfsg-2
> Severity: important
> X-Debbugs-Cc: lo...@van-belle.nl
>
> Hai
>
> current samba-ad-dc complains about Type=notify(-all)
>
> We are getting the mssage.
> Got notification message from PID xxxxx, but reception only permitted for main PID yyyy
>
> Suspectily the update in Systemd while Bullseye was in freeze triggered above message
> (see https://www.debian.org/security/2021/dsa-4942)
>
> The fix is simple.
> Change in samba-ad-dc.service Type=Notify to Type=Fork
> it only effects (as far i can tell) the AD-DC setups.
Maybe a better fix is to use:
NotifyAccess=all
https://www.freedesktop.org/software/systemd/man/systemd.service.html#NotifyAccess=
Cheers
--
Mathieu Parent
Louis van Belle
Aug 31, 2021, 5:30:03 AM8/31/21
to
Hi mathieu,
Thanks for the quick reply.
Thanks on that one.
I've just checked all types of the NotifyAccess.
NotifyAccess=all is the only one that works.
So that looks fine to me.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: Pkg-samba-maint
> [mailto:pkg-samba-maint-bounces+belle=bazuin.nl@alioth-lists.d
> ebian.net] Namens Mathieu Parent
> Verzonden: dinsdag 31 augustus 2021 10:41
> Aan: lo...@van-belle.nl; 993...@bugs.debian.org
> Onderwerp: [Pkg-samba-maint] Bug#993347: Bug#993347: samba:
> recent systemd update (DSA-4942-1) makes samba-ad-dc complain
> about PID's.
> _______________________________________________
> Pkg-samba-maint mailing list
> Pkg-sam...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-s
> amba-maint
>
Thanks for the quick reply.
Thanks on that one.
I've just checked all types of the NotifyAccess.
NotifyAccess=all is the only one that works.
So that looks fine to me.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: Pkg-samba-maint
> [mailto:pkg-samba-maint-bounces+belle=bazuin.nl@alioth-lists.d
> ebian.net] Namens Mathieu Parent
> Verzonden: dinsdag 31 augustus 2021 10:41
> Aan: lo...@van-belle.nl; 993...@bugs.debian.org
> Onderwerp: [Pkg-samba-maint] Bug#993347: Bug#993347: samba:
> recent systemd update (DSA-4942-1) makes samba-ad-dc complain
> about PID's.
> Pkg-samba-maint mailing list
> Pkg-sam...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-s
> amba-maint
>
FeRD
Jan 16, 2022, 8:30:04 PM1/16/22
to
I became aware of this report via the open bug in Samba bugzilla.
https://gitlab.com/samba-team/samba/-/merge_requests/1813
That code was merged on 2021-03-01, a few days before the Samba 4.14.0 release, so it should be in both 4.14 and 4.15.
NotifyAccess=all was actually only recently (well, around 2 years ago) removed from the Samba systemd unit files. So that was a deliberate change, as implemented in this commit:
However, that did have some residual fallout that was subsequently addressed. It appears that this particular issue should have been resolved by:
https://gitlab.com/samba-team/samba/-/merge_requests/1813
That code was merged on 2021-03-01, a few days before the Samba 4.14.0 release, so it should be in both 4.14 and 4.15.
Can anyone confirm whether NotifyAccess=all is still required with more recent Samba releases (4.14.x / 4.15.x)?
Michael Tokarev
Apr 23, 2022, 5:40:03 AM4/23/22
to
Control: tag -1 + moreinfo
So, as suggested by FeRD, has it been fixed by subsequent samba release(s)?
Louis, can you test a more recent version, or are you on stable/bullseye now
(which still does not have the mentioned fix)?
It looks like this issue has been fixed by 4.14...
Thanks,
/mjt
So, as suggested by FeRD, has it been fixed by subsequent samba release(s)?
Louis, can you test a more recent version, or are you on stable/bullseye now
(which still does not have the mentioned fix)?
It looks like this issue has been fixed by 4.14...
Thanks,
/mjt
0 new messages