Bug 1018856
| Summary: | upgrade to samba-winbind-clients-4.0.9-2.fc19, missing pam_winbind, can no longer login | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Rex Dieter <rdieter> |
| Component: | samba | Assignee: | Guenther Deschner <gdeschner> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 19 | CC: | abokovoy, asn, bugzilla.10.cyrils, dwmw2, gdeschner, jlayton, jonabbey, milan.kerslager, sbose, ssorce |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | samba-4.1.0-2.fc20 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2013-10-21 00:58:46 UTC | Type: | Bug |
Description
Rex Dieter
2013-10-14 14:25:27 UTC
I suspect this same upgrade path issue exists with the f20 version of these updates too.

We split out that module, so that you can install the i686 package on x86_64, cause the pam module and nss modules might be needed by 32bit applications. If I add "Requires: %{name}-winbind-clients" then we would again run into bug #1010722. So I don't see a way how to solve this without running into the old problem. Cause of this I would vote to close this bug as WONTFIX.

Well to fix this issue, we would need the baselibs concept SUSE is using.

Note that the dep I suggested on winbind-clients is not arch'd, it would only pull in the native one. Either approach I mentioned should work, but please don't WONTFIX this... like I said, you'll break every existing install that uses pam_winbind if you do. :(

winbind-clients may require winbind-modules. This missing requires is what probably breaks your setup. As old boxes have winbind-clients as for-winbind-to-work-set, this Requires should preserve working setup during upgrade. BUT NOT REVERSE! This is because winbind-modules contain library which should be possible to install separately (binaries are unmixable in 32/64bit mixed environment).

samba-winbind-modules doesn't require samba-winbind-clients. To correctly function they need samba-winbind but not necessarily. pam_winbind talks to winbind using a protocol over a unix socket. If we add a require then yum will probably try to install samba-winbind.x86_64 and samba-winbind.i686 and we will run into a conflict again. The only fix I can see is to add a requirement to the modules in the samba-winbind package. Then they would be always installed with samba-winbind but could be installed without it too.

Do you agree with adding:

    Requires: samba-winbind-modules

in the samba-winbind package?

Does it make sense? I would say yes since samba-winbind-clients require samba-winbind of the same version. So if samba-winbind-clients is updated, samba-winbind will be updated as well and will pull samba-winbind-modules in.

Do we have a fix for this? My users are gathering outside the door with pitchforks.... I'd like to use the same fix that's going into Fedora for real, and get it into our own internal repository ASAP since this is a fairly catastrophic regression...

I've just realised that as a temporary workaround I can add samba-winbind-modules to the requirements of my internal $COMPANY-user-setup package so I don't need to mess around with shipping a fixed Samba package. I'm not sure if that'll be enough to get them to put their pitchforks down though.

When they upgrade to the *current* package, pam_winbind.conf is 'saved':

    warning: /etc/security/pam_winbind.conf saved as /etc/security/pam_winbind.conf.rpmsave

And then when the samba-winbind-modules package gets installed again, it isn't configured correctly. Why in $DEITY's name is krb5_auth off by default anyway; does anyone *not* want cached_login, krb5_auth, and krb5_ccache_type=FILE?

I filed bug 1019354 against rpm for the fact that a config file marked %config(noreplace) is getting replaced. We might want to find a workaround for this, this time. It's bad enough that the upgrade removed the modules, without the configuration file getting eaten too. Perhaps when we install the newly-fixed package, it could look for a .rpmsave file and move that into place? Or something...

I have to leave, packages will be available tomorrow morning (CEST).

How to fix after update:

    yum install samba-winbind-modules
    mv /etc/security/pam_winbind.conf.rpmsave /etc/security/pam_winbind.conf

How to make Adobe Reader work on 64bit system:

    yum install samba-winbind-modules.i686

How to downgrade:

    yum downgrade samba\* libwbclient libsmbclient

How then exclude Samba update:

    echo "exclude=perl*" >> /etc/yum.conf

samba-4.1.0-2.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/samba-4.1.0-2.fc20

The last line in comment #15 should be:

    echo "exclude=samba* libwbclient libsmbclient" >> /etc/yum.conf

samba-4.0.9-3.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/samba-4.0.9-3.fc19

Please give karma if the new build works for you!

Package samba-4.1.0-2.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.

Update it with:

    # su -c 'yum update --enablerepo=updates-testing samba-4.1.0-2.fc20'

as soon as you are able to. Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-19172/samba-4.1.0-2.fc20
then log in and leave karma (feedback).

*** Bug 1020890 has been marked as a duplicate of this bug. ***

samba-4.0.9-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.

samba-4.1.0-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
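
A post-upgrade check for the state described in this thread, as an added example that is not part of the bug report or the Samba packaging: it reports when a PAM service file still references pam_winbind.so but the module is gone, and when pam_winbind.conf was left behind as .rpmsave. The function name, the /etc/pam.d layout and the module directories are assumptions; the demo tree is constructed.

```sh
#!/bin/sh
# Added example: detect the post-upgrade state described in this bug.
# Assumptions (not from the thread): PAM service files live in etc/pam.d and
# modules in one of the usual */security directories listed below.

# Print findings for the tree rooted at $1 ("/" on a live host).
# Returns 0 when nothing needs attention, 1 otherwise.
check_winbind_pam() {
    root=${1%/}
    conf="$root/etc/security/pam_winbind.conf"
    # Only non-comment PAM lines count as a reference to the module.
    if ! grep -Eqs '^[^#]*pam_winbind\.so' "$root"/etc/pam.d/*; then
        echo "OK: no PAM service references pam_winbind.so"
        return 0
    fi
    status=0
    found=no
    for dir in lib64/security usr/lib64/security lib/security usr/lib/security; do
        if [ -e "$root/$dir/pam_winbind.so" ]; then found=yes; fi
    done
    if [ "$found" = no ]; then
        echo "FAIL: PAM references pam_winbind.so but the module is not installed"
        status=1
    fi
    if [ -e "$conf.rpmsave" ]; then
        if [ -e "$conf" ]; then
            echo "WARN: pam_winbind.conf.rpmsave exists, compare it with pam_winbind.conf"
        else
            echo "FAIL: pam_winbind.conf is missing, only .rpmsave is left"
        fi
        status=1
    fi
    if [ "$status" -eq 0 ]; then echo "OK: module and configuration present"; fi
    return "$status"
}

# Constructed demo tree reproducing the broken state; no system files are touched.
demo=$(mktemp -d)
mkdir -p "$demo/etc/pam.d" "$demo/etc/security"
echo 'auth sufficient pam_winbind.so' > "$demo/etc/pam.d/system-auth"
echo 'krb5_auth = yes' > "$demo/etc/security/pam_winbind.conf.rpmsave"
check_winbind_pam "$demo" || true
rm -rf "$demo"
```

Running it from a still-open root session right after a package transaction, with `check_winbind_pam /`, shows the problem before the next login attempt does.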