1819797 – "netbios name" should have a default set in smb.conf in clustered setups

Bug 1819797 - "netbios name" should have a default set in smb.conf in clustered setups

Summary: "netbios name" should have a default set in smb.conf in clustered setups

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Gluster Storage
Classification:	Red Hat Storage
Component:	samba
Sub Component:
Version:	rhgs-3.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	RHGS 3.5.z Async Update
Assignee:	Guenther Deschner
QA Contact:	Aditya Ramteke
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1888641
TreeView+	depends on / blocked

Reported:	2020-04-01 15:16 UTC by Guenther Deschner
Modified:	2020-10-29 06:27 UTC (History)
CC List:	6 users (show)
Fixed In Version:	samba-4.12.6-102.el8rhgs
Doc Type:	Bug Fix
Doc Text:	Earlier, on standalone Samba installations without identical "netbios name" in smb.conf, individual account databases per cluster node were created. Hence, authorization failures could occur as the account database was not shared among all cluster nodes. With this update, a unified default "netbios name" on all cluster nodes guarantees the account database is using identical credentials on all cluster nodes and the authorization works as expected.
Clone Of:
Clones:	1888641 (view as bug list)
Environment:
Last Closed:	2020-10-29 06:27:25 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:4403	0	None	None	None	2020-10-29 06:27:39 UTC

Description Guenther Deschner 2020-04-01 15:16:50 UTC

Description of problem:

RHGS gluster cluster setups with ctdb absolutely need to have identical "netbios name" configurations to avoid differing account database generations on each node.

When "netbios name" is not explicitly configured (our current default), the current hostname is used for "netbios name". In that case, typically each node sets its own individual value for "netbios name". The problem that then occurs is that the CTDB database entries for both standalone and domain member setups are based on that "netbios name". 

In case of AD members authentication will fail (or worse: multiple machine accounts are created). In case of standalone machines (not joined to AD) also each node would generate its own security identifier (SID) causing all kinds of authentication and authorization problems as there is no synchronisation between the account databases of the various nodes (e.g. duplicate entries for users can get created).

All these problems are avoided when "netbios name" is set to a choosen name on all nodes in the cluster. RHGS should set a default value.

Comment 21 errata-xmlrpc 2020-10-29 06:27:25 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (samba bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4403

Note You need to log in before you can comment on or make changes to this bug.