From dhollen at mosis.com Tue May 3 19:36:57 2016 From: dhollen at mosis.com (David Hollenberg) Date: Tue, 3 May 2016 10:36:57 -0700 Subject: Unable to authenticate users after Samba update Message-ID: <5728E1B9.1030403@mosis.com> I updated CSWSamba from the testing catalog today, on a Solaris 10, Update 10 x86 server. This caused authentication to the host specified in a "wins server" parameter to stop working with "permission denied" errors, whereas prior to the update it was working. I restored the following 2 files from a backup made before the update and file access via Samba started working again: /opt/csw/sbin/amd64/smbd /opt/csw/sbin/pentium_pro/smbd Before the update pkgutil showed CSWsamba 3.6.25,REV=2016.02.08 3.6.25,REV=2016.04.17 (version number is 3.6.25 for both old and new versions). I'm not a Samba expert. Can anyone tell me what the problem might be? I don't know what protocol Samba uses to talk to the domain controller specified in the "wins server" parameter. Could removal of SSL2 be the problem? Dave From jh at opencsw.org Wed May 4 10:21:10 2016 From: jh at opencsw.org (Jan Holzhueter) Date: Wed, 4 May 2016 10:21:10 +0200 Subject: Will OpenSSL 1.0.1s be released? In-Reply-To: <5723B5E3.7060809@mosis.com> References: <5723B5E3.7060809@mosis.com> Message-ID: <5729B0F6.10504@opencsw.org> Hi, Am 29.04.16 um 21:28 schrieb David Hollenberg: > Will the OpenSSL 1.0.1s package be released? > > I noticed that OpenSSL 1.0.1s has blocking bugs. Looks like there is some > concern that removal of SSL2 will break some things. > > We don't need 1.0.1s, but the OpenSSL project has announced version 1.0.1t > to be released on May 3. It has fixes for some high impact security bugs > so we hope to get that version soon after it is released. 1.0.1t is in unstable now. And 1.0.1s in testing yesterday (bad timing :) Sorry for the delay. With 1.0.1t they did the right thing which they should have done in the first place. Not remove the sslv2 functions but just return NULL if you disabled sslv2. So applications will not explode crash or whatever. Just will not be able to start a session. I will probably push 1.0.1t faster to testing as 1.0.1s is broken from my point of view. Greetings Jan From jh at opencsw.org Wed May 4 10:27:14 2016 From: jh at opencsw.org (Jan Holzhueter) Date: Wed, 4 May 2016 10:27:14 +0200 Subject: Unable to authenticate users after Samba update In-Reply-To: <5728E1B9.1030403@mosis.com> References: <5728E1B9.1030403@mosis.com> Message-ID: <5729B262.2020700@opencsw.org> Hi, Am 03.05.16 um 19:36 schrieb David Hollenberg: > I updated CSWSamba from the testing catalog today, on a Solaris 10, > Update 10 x86 server. > This caused authentication to the host specified in a "wins server" > parameter to > stop working with "permission denied" errors, whereas prior to the > update it was working. > > I restored the following 2 files from a backup made before the update and > file access via Samba started working again: > > /opt/csw/sbin/amd64/smbd > /opt/csw/sbin/pentium_pro/smbd not a good idea. you should grep the old packages from here: https://mirror.opencsw.org/opencsw/allpkgs/ and install those. > > Before the update pkgutil showed > > CSWsamba 3.6.25,REV=2016.02.08 > 3.6.25,REV=2016.04.17 > > (version number is 3.6.25 for both old and new versions). this is correct as samba 3.6 is not supported anymore. We used some backported patches for the last CVEs. Maybe they are not quite correct or whatever. > > I'm not a Samba expert. Can anyone tell me what the problem might be? > > I don't know what protocol Samba uses to talk to the domain controller > specified in the "wins server" parameter. Could removal of SSL2 be the > problem? don't know either what the problem could be. Could you provide the logs with higher logging level e.g. 5 so maybe I can catch something. If not maybe we should just rollback the patches we added. Greetings Jan From laurent at opencsw.org Wed May 4 10:45:19 2016 From: laurent at opencsw.org (Laurent Blume) Date: Wed, 4 May 2016 10:45:19 +0200 Subject: Unable to authenticate users after Samba update In-Reply-To: <5728E1B9.1030403@mosis.com> References: <5728E1B9.1030403@mosis.com> Message-ID: <5729B69F.2070402@opencsw.org> Hello, About versioning: Samba does not maintain version 3.6 anymore. Security patches have been released by 3rd parties, and I applied them, but there is no, and will not be any more version change. I do not want to start a new -patchlevel scheme. So the date implies the change, and that's it. The solution here is to move away as fast as possible from Samba 3.6. As for the latest update: there was a change of protocol because of a security flaw. So, *all systems* communicating via CIFS (and that means, *ALL*, including Linux, Windows, Android, whatever...), MUST be upgraded together, else there will be interoperability issues. Has the host with issues been patched? Laurent Le 2016/05/03 19:36 +0200, David Hollenberg a ?crit: > I updated CSWSamba from the testing catalog today, on a Solaris 10, > Update 10 x86 server. > This caused authentication to the host specified in a "wins server" > parameter to > stop working with "permission denied" errors, whereas prior to the > update it was working. > > I restored the following 2 files from a backup made before the update and > file access via Samba started working again: > > /opt/csw/sbin/amd64/smbd > /opt/csw/sbin/pentium_pro/smbd > > Before the update pkgutil showed > > CSWsamba 3.6.25,REV=2016.02.08 > 3.6.25,REV=2016.04.17 > > (version number is 3.6.25 for both old and new versions). > > I'm not a Samba expert. Can anyone tell me what the problem might be? > > I don't know what protocol Samba uses to talk to the domain controller > specified in the "wins server" parameter. Could removal of SSL2 be the > problem? > > Dave > From laurent at opencsw.org Wed May 4 11:09:28 2016 From: laurent at opencsw.org (Laurent Blume) Date: Wed, 4 May 2016 11:09:28 +0200 Subject: Unable to authenticate users after Samba update In-Reply-To: <5729B69F.2070402@opencsw.org> References: <5728E1B9.1030403@mosis.com> <5729B69F.2070402@opencsw.org> Message-ID: <5729BC48.60309@opencsw.org> What I should have added: packages rollback on Solaris sucks. Use a staging server to test and validate before rolling out to production. That will save a lot (though sadly, not all) of grief. Laurent Le 2016/05/04 10:45 +0200, Laurent Blume a ?crit: > Hello, > > About versioning: Samba does not maintain version 3.6 anymore. Security > patches have been released by 3rd parties, and I applied them, but there > is no, and will not be any more version change. I do not want to start a > new -patchlevel scheme. So the date implies the change, and that's it. > The solution here is to move away as fast as possible from Samba 3.6. > > As for the latest update: there was a change of protocol because of a > security flaw. > So, *all systems* communicating via CIFS (and that means, *ALL*, > including Linux, Windows, Android, whatever...), MUST be upgraded > together, else there will be interoperability issues. > > Has the host with issues been patched? > > Laurent > > Le 2016/05/03 19:36 +0200, David Hollenberg a ?crit: >> I updated CSWSamba from the testing catalog today, on a Solaris 10, >> Update 10 x86 server. >> This caused authentication to the host specified in a "wins server" >> parameter to >> stop working with "permission denied" errors, whereas prior to the >> update it was working. >> >> I restored the following 2 files from a backup made before the update and >> file access via Samba started working again: >> >> /opt/csw/sbin/amd64/smbd >> /opt/csw/sbin/pentium_pro/smbd >> >> Before the update pkgutil showed >> >> CSWsamba 3.6.25,REV=2016.02.08 >> 3.6.25,REV=2016.04.17 >> >> (version number is 3.6.25 for both old and new versions). >> >> I'm not a Samba expert. Can anyone tell me what the problem might be? >> >> I don't know what protocol Samba uses to talk to the domain controller >> specified in the "wins server" parameter. Could removal of SSL2 be the >> problem? >> >> Dave >> > > > > From chouck at binghamton.edu Wed May 4 16:06:13 2016 From: chouck at binghamton.edu (CMH) Date: Wed, 4 May 2016 10:06:13 -0400 Subject: Unable to authenticate users after Samba update In-Reply-To: <5729B69F.2070402@opencsw.org> References: <5728E1B9.1030403@mosis.com> <5729B69F.2070402@opencsw.org> Message-ID: <572A01D5.9020700@binghamton.edu> I installed the fix/patch/update that Laurent graciously created and it is working well. # /opt/csw/sbin/smbd -V Version 3.6.25 # uname -a SunOS 5.10 Generic_142900-13 sun4v sparc SUNW,SPARC-Enterprise-T5220 yes I know how far out of patch'ing it is. A long story I will tell you off list if interested. On 05/04/2016 04:45 AM, Laurent Blume wrote: > Hello, > > About versioning: Samba does not maintain version 3.6 anymore. Security > patches have been released by 3rd parties, and I applied them, but there > is no, and will not be any more version change. I do not want to start a > new -patchlevel scheme. So the date implies the change, and that's it. > The solution here is to move away as fast as possible from Samba 3.6. > > As for the latest update: there was a change of protocol because of a > security flaw. > So, *all systems* communicating via CIFS (and that means, *ALL*, > including Linux, Windows, Android, whatever...), MUST be upgraded > together, else there will be interoperability issues. > > Has the host with issues been patched? > > Laurent > > Le 2016/05/03 19:36 +0200, David Hollenberg a ?crit: >> I updated CSWSamba from the testing catalog today, on a Solaris 10, >> Update 10 x86 server. >> This caused authentication to the host specified in a "wins server" >> parameter to >> stop working with "permission denied" errors, whereas prior to the >> update it was working. >> >> I restored the following 2 files from a backup made before the update and >> file access via Samba started working again: >> >> /opt/csw/sbin/amd64/smbd >> /opt/csw/sbin/pentium_pro/smbd >> >> Before the update pkgutil showed >> >> CSWsamba 3.6.25,REV=2016.02.08 >> 3.6.25,REV=2016.04.17 >> >> (version number is 3.6.25 for both old and new versions). >> >> I'm not a Samba expert. Can anyone tell me what the problem might be? >> >> I don't know what protocol Samba uses to talk to the domain controller >> specified in the "wins server" parameter. Could removal of SSL2 be the >> problem? >> >> Dave >> > > -- ITS Systems @ TTH Craig M. Houck ><> 204B - 607 777 6827 We are only as good as the problems we solve. -------------- next part -------------- An HTML attachment was scrubbed... URL: From chouck at binghamton.edu Wed May 4 16:07:58 2016 From: chouck at binghamton.edu (CMH) Date: Wed, 4 May 2016 10:07:58 -0400 Subject: Will OpenSSL 1.0.1s be released? In-Reply-To: <5729B0F6.10504@opencsw.org> References: <5723B5E3.7060809@mosis.com> <5729B0F6.10504@opencsw.org> Message-ID: <572A023E.4090802@binghamton.edu> We/I/us have been complying newest openssl source on our physical solaris servers for some time with great success. On 05/04/2016 04:21 AM, Jan Holzhueter wrote: > Hi, > > Am 29.04.16 um 21:28 schrieb David Hollenberg: >> Will the OpenSSL 1.0.1s package be released? >> >> I noticed that OpenSSL 1.0.1s has blocking bugs. Looks like there is some >> concern that removal of SSL2 will break some things. >> >> We don't need 1.0.1s, but the OpenSSL project has announced version 1.0.1t >> to be released on May 3. It has fixes for some high impact security bugs >> so we hope to get that version soon after it is released. > 1.0.1t is in unstable now. And 1.0.1s in testing yesterday (bad timing :) > Sorry for the delay. With 1.0.1t they did the right thing which they > should have done in the first place. Not remove the sslv2 functions but > just return NULL if you disabled sslv2. So applications will not explode > crash or whatever. Just will not be able to start a session. > I will probably push 1.0.1t faster to testing as 1.0.1s is broken from > my point of view. > > Greetings > Jan > > -- ITS Systems @ TTH Craig M. Houck ><> 204B - 607 777 6827 We are only as good as the problems we solve. From jackson at encompasserve.org Sat May 14 22:03:38 2016 From: jackson at encompasserve.org (Michael Jackson) Date: Sat, 14 May 2016 16:03:38 -0400 (EDT) Subject: CSWr-base Solaris 11 SPARC: Broken after updating In-Reply-To: References: <201409120815.s8C8FFKp029457@www.opencsw.org> <1238F6F4-6CD4-4309-87D1-FE72D46C2822@opencsw.org> <6CC5E7D0-3B6F-4F9B-8754-0ED58F0C46F2@opencsw.org> <54D5531D-EAD8-4418-838A-9CF1F660F1E5@opencsw.org> <6FDCA59A-4B14-4E77-A2D8-50453E6D950C@opencsw.org> <0603FAB2-80F4-4BEF-991D-7554AB59D730@opencsw.org> <26CAEB69-DDF8-4395-90AE-53C637089986@opencsw.org> <648C8D6E-2ABF-47AF-95E1-B6B6FF30B8C8@opencsw.org> Message-ID: Dam, Peter, special thanks to you for your replies and sorry I didn't thank you for them at the time. Since then you've recently again updated R. It installed smoothly and the X11 interface works perfectly. Thank you so much for your continued service to the Solaris SPARC community. Kind regards, On Wed, 16 Dec 2015, Dagobert Michelsen wrote: > Hi Michael, > > Am 14.12.2015 um 01:16 schrieb noskcaJ leahciM : >> Thank you for porting R. >> >> I had both your R and Oracle's R installed and working. >> >> I updated OpenCSW R which updated: >> >> Package from to >> CSWlibgfortran3 4.9.2,REV=2014.11.07 5.2.0,REV=2015.07.31 >> CSWlibgomp1 4.9.2,REV=2014.11.07 5.2.0,REV=2015.07.31 >> CSWlibpcre1 8.37,REV=2015.04.30 8.38,REV=2015.11.23 >> >> now R complains on startup about its Fortran library libfai.so: >> >> $ R >> ld.so.1: R: fatal: /opt/csw/lib/libfai.so.3: wrong ELF class: ELFCLASS32 > > You need to have CSWss12f95rt installed: > > /opt/csw/lib/libfai.so.1 f none 0755 root bin 1350220 52218 1285605663 CSWss12f95rt > /opt/csw/lib/libfai.so.2 f none 0755 root bin 1351796 53170 1285605663 CSWss12f95rt > /opt/csw/lib/libfai.so.3 f none 0755 root bin 1232964 29458 1285605663 CSWss12f95rt > /opt/csw/lib/libfai2.so.1 f none 0755 root bin 1346384 44049 1285605663 CSWss12f95rt > /opt/csw/lib/libfai2.so.2 f none 0755 root bin 1376980 39536 1285605663 CSWss12f95rt > /opt/csw/lib/libfai2.so.3 f none 0755 root bin 1476528 14072 1285605663 CSWss12f95rt > /opt/csw/lib/sparcv9/libfai.so.1 f none 0755 root bin 1424560 50088 1285605664 CSWss12f95rt > /opt/csw/lib/sparcv9/libfai.so.2 f none 0755 root bin 1426608 6345 1285605664 CSWss12f95rt > /opt/csw/lib/sparcv9/libfai.so.3 f none 0755 root bin 1303848 16316 1285605664 CSWss12f95rt > /opt/csw/lib/sparcv9/libfai2.so.1 f none 0755 root bin 2178056 14555 1285605664 CSWss12f95rt > /opt/csw/lib/sparcv9/libfai2.so.2 f none 0755 root bin 2213904 26319 1285605664 CSWss12f95rt > /opt/csw/lib/sparcv9/libfai2.so.3 f none 0755 root bin 2316376 55120 1285605664 CSWss12f95rt > > > Best regards > > ??? Dago