Re: [Samba] SELinux and samba/winbind w/ADS on RHEL 4.6
oops In my previous post i made a typo #getsebool -P "winbind_disable_trans" = 1 it should be #setsebool -P "winbind_disable_trans" = 1 On Wed, Jun 4, 2008 at 10:25 AM, mallapadi niranjan < [EMAIL PROTECTED]> wrote: > Hi, > > I am not seeing this issue on RHEL4 update 6. but i am using > > samba-3.0.25b-1.el4_6.5 > samba-common-3.0.25b-1.el4_6.5.i386 > samba-client-3.0.25b-1.el4_6.5.i386 > > My sestatus is having as below > > > [EMAIL PROTECTED] ~]# sestatus > SELinux status: enabled > SELinuxfs mount:/selinux > Current mode: enforcing > Mode from config file: enforcing > Policy version: 18 > Policy from config file:targeted > > Policy booleans: > allow_syslog_to_console inactive > allow_ypbindinactive > dhcpd_disable_trans inactive > httpd_builtin_scripting active > httpd_disable_trans inactive > httpd_enable_cgiactive > httpd_enable_homedirs active > httpd_ssi_exec active > httpd_tty_comm inactive > httpd_unified active > mysqld_disable_transinactive > named_disable_trans inactive > named_write_master_zonesinactive > nscd_disable_trans inactive > ntpd_disable_trans inactive > pegasus_disable_trans inactive > portmap_disable_trans inactive > postgresql_disable_transinactive > snmpd_disable_trans inactive > squid_disable_trans inactive > syslogd_disable_trans inactive > use_nfs_home_dirs inactive > use_samba_home_dirs inactive > use_syslognginactive > winbind_disable_trans inactive > ypbind_disable_transinactive > > > When i joined the system to AD and restarted winbind, it did not give any > selinux errors on /var/log/message, or console or /var/log/audit/audit.log > > > [EMAIL PROTECTED] ~]# service winbind restart > > Shutting down Winbind services:[ OK ] > Starting Winbind services: [ OK ] > > > So can you paste your selinux messages, that you are getting, and the samba > version. Or if you feel you can do the following , without making selinux > to permissive or disabling it. > > #getsebool -P "winbind_disable_trans" = 1 > > Regards > Niranjan > > > On Tue, Jun 3, 2008 at 11:26 PM, Thomas Leavitt <[EMAIL PROTECTED]> > wrote: > >> SELinux appears to be interfering with winbind's functionality. >> >> >> >> I have the lastest policy package installed: >> >> >> >> selinux-policy-targeted-1.17.30-2.149 >> >> >> >> which allegedly solves this problem according to the RedHat knowledge >> base, but clearly does not. I have to turn off SELinux by using >> setenforce 0 (permissive) to get winbind to work at all, and based on >> what I see in the log files, disabling it completely is necessary to >> prevent all interference. >> >> >> >> Am I missing something? Are other folks having this problem? >> >> >> >> Regards, >> >> Thomas Leavitt >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/listinfo/samba >> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SELinux and samba/winbind w/ADS on RHEL 4.6
Hi, I am not seeing this issue on RHEL4 update 6. but i am using samba-3.0.25b-1.el4_6.5 samba-common-3.0.25b-1.el4_6.5.i386 samba-client-3.0.25b-1.el4_6.5.i386 My sestatus is having as below [EMAIL PROTECTED] ~]# sestatus SELinux status: enabled SELinuxfs mount:/selinux Current mode: enforcing Mode from config file: enforcing Policy version: 18 Policy from config file:targeted Policy booleans: allow_syslog_to_console inactive allow_ypbindinactive dhcpd_disable_trans inactive httpd_builtin_scripting active httpd_disable_trans inactive httpd_enable_cgiactive httpd_enable_homedirs active httpd_ssi_exec active httpd_tty_comm inactive httpd_unified active mysqld_disable_transinactive named_disable_trans inactive named_write_master_zonesinactive nscd_disable_trans inactive ntpd_disable_trans inactive pegasus_disable_trans inactive portmap_disable_trans inactive postgresql_disable_transinactive snmpd_disable_trans inactive squid_disable_trans inactive syslogd_disable_trans inactive use_nfs_home_dirs inactive use_samba_home_dirs inactive use_syslognginactive winbind_disable_trans inactive ypbind_disable_transinactive When i joined the system to AD and restarted winbind, it did not give any selinux errors on /var/log/message, or console or /var/log/audit/audit.log [EMAIL PROTECTED] ~]# service winbind restart Shutting down Winbind services:[ OK ] Starting Winbind services: [ OK ] So can you paste your selinux messages, that you are getting, and the samba version. Or if you feel you can do the following , without making selinux to permissive or disabling it. #getsebool -P "winbind_disable_trans" = 1 Regards Niranjan On Tue, Jun 3, 2008 at 11:26 PM, Thomas Leavitt <[EMAIL PROTECTED]> wrote: > SELinux appears to be interfering with winbind's functionality. > > > > I have the lastest policy package installed: > > > > selinux-policy-targeted-1.17.30-2.149 > > > > which allegedly solves this problem according to the RedHat knowledge > base, but clearly does not. I have to turn off SELinux by using > setenforce 0 (permissive) to get winbind to work at all, and based on > what I see in the log files, disabling it completely is necessary to > prevent all interference. > > > > Am I missing something? Are other folks having this problem? > > > > Regards, > > Thomas Leavitt > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SELinux and samba/winbind w/ADS on RHEL 4.6
SELinux appears to be interfering with winbind's functionality. I have the lastest policy package installed: selinux-policy-targeted-1.17.30-2.149 which allegedly solves this problem according to the RedHat knowledge base, but clearly does not. I have to turn off SELinux by using setenforce 0 (permissive) to get winbind to work at all, and based on what I see in the log files, disabling it completely is necessary to prevent all interference. Am I missing something? Are other folks having this problem? Regards, Thomas Leavitt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba