Recently about 10day ago SuSE published a samba security update with package version samba 4.13.13+git.528.140935f8d6a-3.12.1, about day later 4.13.13+git.531.903f5c0ccdc-3.17.1.
These new version immediately broke our SLES15SP3 samba server, so that no one (about 200 users) was able to connect to samba any more. This was caused by a bug in this new 4.13.13+git.528 - samba version that in between has been fixed by the samba team. See here:
At the moment we use an older samba version which was still fine (4.13.10+git.236.0517d0e6bdf-3.7.12) and I am waiting for new patched samba packages from SuSE that include the new code from above to fix the samba problem.
Can anyone tell when this will happen?
Now nearly a month has passed but nothing has changed unfortunately. The latest SLES samba packages (still: samba-4.13.13+git.531.903f5c0ccdc-3.17.1.x86_64) seem to be missing fixes that were introduced at 2021-11-12 08:50:59 UTC by Stefan Metzmacher ( bso#14901, see link in my first post) which fix some more problems we apparently suffer from. The mentioned fixes make the usermap script obsolete again (we never used or needed it) so that samba works just like before.
I also tried introducing a usermap script in our samba setup. Then user authentication works again, but some strange file access issues appear that are not visible in the older pre 4.13.13+git.531.903 samba version from SLES15SP3.
A user that had the same problems like me created new samba packages on OBS including the patches from bso 14901 on his own. Using these packages everything works again for us without any modifications. So it seems that SuSE did not include bso 14901 in its samba packages (there is also no reference to this bso in the change logs) and this results in the problems I see with our samba installation.
Would be great to see a new version from SuSE that does include these patches…
thank you for the X-mas gift The desired patches have finally arrived for OpenSuSE Leap as well as SLES and samba seems to be working correctly again at our site.