Bug 1737888
| Summary: | Libwbclient alternatives manual setting lost | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Davide Principi <davide.principi> | |
| Component: | samba | Assignee: | Andreas Schneider <asn> | |
| Status: | CLOSED ERRATA | QA Contact: | Denis Karpelevich <dkarpele> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 7.0 | CC: | asn, gdeschner, jarrpa, jstephen, sbose, squinney | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | samba-4.10.13-1.el7 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1785134 (view as bug list) | Environment: | ||
| Last Closed: | 2020-09-29 20:19:06 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1785134 | |||
We are seeing exactly the same problem on large numbers of machines (~100s) so this is definitely a common problem. Running the /usr/sbin/update-alternatives command from the posttrans script for the libwbclient package manually fixes the alternatives symlinks. Hi, it looks like 'alternatives --remove' is called unconditionally during %preun in the spec file. This means that during updates the alternatives configuration for Samba's libwbclient is first removed and then added again which will trigger the auto mechanism of the alternatives tool. I would suggest to wrap the alternatives call in '%preun' with 'if [ $1 -eq 0 ]; then ... fi' so that 'alternatives --remove' is only called if the package is really uninstalled (see e.g. https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/ for the different values of $1). Please note that since always '%preun' from the old package is used this will not be fixed with the next update but only with the next but one update. As a workaround, since it is not used, you can remove the sssd-libwbclient package. Then Samba's libwbclient will be the only alternative. bye, Sumit Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: samba security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:3981 |
Description of problem: A samba package upgrade causes the manual setting of libwbclient alternatives to be lost. The winbind daemon loads the wrong sssd-libwbclient library and access to samba shares does not work any more (NT_STATUS_LOGON_FAILURE). Version-Release number of selected component: - samba-4.8.3-6.el7_6 - chkconfig-1.7.4-1.el7.x86_64 (provides alternatives command) How reproducible: Always reproducible on CentOS 7.6, with the following steps. Steps to Reproduce: 1. install an old version of samba: yum install samba-4.8.3-4.el7 2. install a libwbclient alternative: yum install sssd-libwbclient 3. set libwbclient "manual": alternatives --set libwbclient.so.0.14-64 /usr/lib64/samba/wbclient/libwbclient.so.0.14 4. install latest samba packages: yum update samba-4.8.3-6.el7_6 Actual results: [root@vm6 ~]# alternatives --list libnssckbi.so.x86_64 auto /usr/lib64/pkcs11/p11-kit-trust.so ld auto /usr/bin/ld.bfd mta auto /usr/sbin/sendmail.postfix libwbclient.so.0.14-64 auto /usr/lib64/sssd/modules/libwbclient.so.0.14.0 Expected results: [root@vm6 ~]# alternatives --list libnssckbi.so.x86_64 auto /usr/lib64/pkcs11/p11-kit-trust.so ld auto /usr/bin/ld.bfd mta auto /usr/sbin/sendmail.postfix libwbclient.so.0.14-64 manual /usr/lib64/samba/wbclient/libwbclient.so.0.14 Additional info: Originally reported here: https://community.nethserver.org/t/after-yum-upgrade-shares-no-more-accessible/13131