Discussion:
Potential shoot-your-self-in-the-foot with net conf setparm
Richard Sharpe via samba-technical
2018-04-30 20:03:42 UTC
Permalink
Hi folks,

I managed to hit this sequence with a 4.5.15 installation, and it does
not look like things have changed much in this area:

-----------------
$ net conf setparm global "kerberos method" secrets
$ net conf list
WARNING: Ignoring invalid value 'secrets' for parameter 'kerberos method'
Can't load /etc/samba/smb.conf - run testparm to debug it
$ man smb.conf
$ net conf setparm global "kerberos method" "secrets only"
WARNING: Ignoring invalid value 'secrets' for parameter 'kerberos method'
Can't load /etc/samba/smb.conf - run testparm to debug it
------------------

After that I was screwed, although maybe I could use tdbtool to fix the issue.

Has this been fixed in recent code or should I file a ticket?
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)(传说杜康是酒的发明者)
Ralph Böhme via samba-technical
2018-04-30 20:24:39 UTC
Permalink
Hi Richard
Post by Richard Sharpe via samba-technical
I managed to hit this sequence with a 4.5.15 installation, and it does
-----------------
$ net conf setparm global "kerberos method" secrets
$ net conf list
WARNING: Ignoring invalid value 'secrets' for parameter 'kerberos method'
Can't load /etc/samba/smb.conf - run testparm to debug it
$ man smb.conf
$ net conf setparm global "kerberos method" "secrets only"
WARNING: Ignoring invalid value 'secrets' for parameter 'kerberos method'
Can't load /etc/samba/smb.conf - run testparm to debug it
------------------
After that I was screwed, although maybe I could use tdbtool to fix the issue.
Has this been fixed in recent code or should I file a ticket?
possibly. I remember running into the same issue with a similar version and iirc
when testing with master at that time it worked correctly. Ymmv, not sure if my
memory serves me well here. Can't you just test with master?

-slow
--
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
GPG Key Fingerprint: FAE2 C608 8A24 2520 51C5
59E4 AA1E 9B71 2639 9E46
Richard Sharpe via samba-technical
2018-04-30 20:45:02 UTC
Permalink
Post by Ralph Böhme via samba-technical
Hi Richard
Post by Richard Sharpe via samba-technical
I managed to hit this sequence with a 4.5.15 installation, and it does
-----------------
$ net conf setparm global "kerberos method" secrets
$ net conf list
WARNING: Ignoring invalid value 'secrets' for parameter 'kerberos method'
Can't load /etc/samba/smb.conf - run testparm to debug it
$ man smb.conf
$ net conf setparm global "kerberos method" "secrets only"
WARNING: Ignoring invalid value 'secrets' for parameter 'kerberos method'
Can't load /etc/samba/smb.conf - run testparm to debug it
------------------
After that I was screwed, although maybe I could use tdbtool to fix the issue.
Has this been fixed in recent code or should I file a ticket?
possibly. I remember running into the same issue with a similar version and iirc
when testing with master at that time it worked correctly. Ymmv, not sure if my
memory serves me well here. Can't you just test with master?
Sigh, because of a need to use a more recent version of sssd that is
not possible ATM. Maybe in a week or two.
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)(传说杜康是酒的发明者)
Christof Schmitt via samba-technical
2018-04-30 21:07:18 UTC
Permalink
Post by Richard Sharpe via samba-technical
Hi folks,
I managed to hit this sequence with a 4.5.15 installation, and it does
-----------------
$ net conf setparm global "kerberos method" secrets
$ net conf list
WARNING: Ignoring invalid value 'secrets' for parameter 'kerberos method'
Can't load /etc/samba/smb.conf - run testparm to debug it
$ man smb.conf
$ net conf setparm global "kerberos method" "secrets only"
WARNING: Ignoring invalid value 'secrets' for parameter 'kerberos method'
Can't load /etc/samba/smb.conf - run testparm to debug it
------------------
After that I was screwed, although maybe I could use tdbtool to fix the issue.
Has this been fixed in recent code or should I file a ticket?
Yes, this should be fixed since 4.6.0. I think these are the relevant
commits:

1f91b6a param: validate value in lp_canonicalize_parameter_with_value()
fa7e40b param: use early return in lp_canonicalize_parameter_with_value()
21ae887 param: add lp_parameter_value_is_valid() function

And that has been committed before 4.6.0:

$ git describe --contains 1f91b6a --match samba\*
samba-4.6.0rc1~571

Christof
Richard Sharpe via samba-technical
2018-04-30 21:35:03 UTC
Permalink
Post by Christof Schmitt via samba-technical
Post by Richard Sharpe via samba-technical
Hi folks,
I managed to hit this sequence with a 4.5.15 installation, and it does
-----------------
$ net conf setparm global "kerberos method" secrets
$ net conf list
WARNING: Ignoring invalid value 'secrets' for parameter 'kerberos method'
Can't load /etc/samba/smb.conf - run testparm to debug it
$ man smb.conf
$ net conf setparm global "kerberos method" "secrets only"
WARNING: Ignoring invalid value 'secrets' for parameter 'kerberos method'
Can't load /etc/samba/smb.conf - run testparm to debug it
------------------
After that I was screwed, although maybe I could use tdbtool to fix the issue.
Has this been fixed in recent code or should I file a ticket?
Yes, this should be fixed since 4.6.0. I think these are the relevant
1f91b6a param: validate value in lp_canonicalize_parameter_with_value()
fa7e40b param: use early return in lp_canonicalize_parameter_with_value()
21ae887 param: add lp_parameter_value_is_valid() function
$ git describe --contains 1f91b6a --match samba\*
samba-4.6.0rc1~571
OK, great. Thanks.
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)(传说杜康是酒的发明者)
Loading...