[Samba] SELinux and samba/winbind w/ADS on RHEL 4.6

2008-06-03 Thread Thomas Leavitt
SELinux appears to be interfering with winbind's functionality.

I have the latest policy package installed:

selinux-policy-targeted-1.17.30-2.149

which allegedly solves this problem according to the Red Hat knowledge
base, but clearly does not. I have to turn off SELinux by using
setenforce 0 (permissive) to get winbind to work at all, and based on
what I see in the log files, disabling it completely is necessary to
prevent all interference.

Am I missing something? Are other folks having this problem?

Regards,

Thomas Leavitt

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] SELinux and samba/winbind w/ADS on RHEL 4.6

2008-06-03 Thread mallapadi niranjan
Hi,

I am not seeing this issue on RHEL4 update 6, but I am using

samba-3.0.25b-1.el4_6.5
samba-common-3.0.25b-1.el4_6.5.i386
samba-client-3.0.25b-1.el4_6.5.i386

My sestatus is as below

snip
[EMAIL PROTECTED] ~]# sestatus
SELinux status:          enabled
SELinuxfs mount:         /selinux
Current mode:            enforcing
Mode from config file:   enforcing
Policy version:          18
Policy from config file: targeted

Policy booleans:
allow_syslog_to_console   inactive
allow_ypbind              inactive
dhcpd_disable_trans       inactive
httpd_builtin_scripting   active
httpd_disable_trans       inactive
httpd_enable_cgi          active
httpd_enable_homedirs     active
httpd_ssi_exec            active
httpd_tty_comm            inactive
httpd_unified             active
mysqld_disable_trans      inactive
named_disable_trans       inactive
named_write_master_zones  inactive
nscd_disable_trans        inactive
ntpd_disable_trans        inactive
pegasus_disable_trans     inactive
portmap_disable_trans     inactive
postgresql_disable_trans  inactive
snmpd_disable_trans       inactive
squid_disable_trans       inactive
syslogd_disable_trans     inactive
use_nfs_home_dirs         inactive
use_samba_home_dirs       inactive
use_syslogng              inactive
winbind_disable_trans     inactive
ypbind_disable_trans      inactive
/snip

When I joined the system to AD and restarted winbind, it did not give any
SELinux errors in /var/log/messages, on the console, or in /var/log/audit/audit.log

snip
[EMAIL PROTECTED] ~]# service winbind restart

Shutting down Winbind services:                            [  OK  ]
Starting Winbind services:                                 [  OK  ]
/snip

So can you paste the SELinux messages that you are getting, and the Samba
version? Or, if you feel like it, you can do the following, without setting
SELinux to permissive or disabling it.

#getsebool -P winbind_disable_trans = 1

Regards
Niranjan



Re: [Samba] SELinux and samba/winbind w/ADS on RHEL 4.6

2008-06-03 Thread mallapadi niranjan
oops

In my previous post I made a typo:

#getsebool -P winbind_disable_trans = 1

It should be:

# setsebool -P winbind_disable_trans 1

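
Added example (not part of the original thread and not any poster's code): the second reply asks for the SELinux messages being logged, so this shell function summarises the AVC denials recorded for winbindd in audit records, which can be reviewed or posted while SELinux stays enforcing. The sample records, including the type names in them, are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from the thread); the type
# names in them are illustrative assumptions.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1212516000.101:210): avc:  denied  { read } for  pid=2301 comm="winbindd" name="krb5.conf" dev=dm-0 ino=98211 scontext=root:system_r:winbind_t tcontext=system_u:object_r:etc_runtime_t tclass=file
type=AVC msg=audit(1212516000.105:211): avc:  denied  { read } for  pid=2301 comm="winbindd" name="krb5.conf" dev=dm-0 ino=98211 scontext=root:system_r:winbind_t tcontext=system_u:object_r:etc_runtime_t tclass=file
type=AVC msg=audit(1212516002.340:215): avc:  denied  { name_connect } for  pid=2301 comm="winbindd" dest=389 scontext=root:system_r:winbind_t tcontext=system_u:object_r:ldap_port_t tclass=tcp_socket
type=AVC msg=audit(1212516003.000:216): avc:  denied  { getattr } for  pid=2410 comm="httpd" name="index.html" dev=dm-0 ino=4411 scontext=root:system_r:httpd_t tcontext=system_u:object_r:user_home_t tclass=file
type=SYSCALL msg=audit(1212516003.000:216): arch=40000003 syscall=195 success=no exit=-13 pid=2410 comm="httpd"
EOF
}

# Print "count source_type target_type class perms" for each distinct AVC
# denial whose comm= matches $1 (default: winbindd). Reads records on stdin.
summarize_denials() {
    awk -v want="${1:-winbindd}" '
    / avc: / && / denied / {
        comm = src = tgt = cls = ""
        # Permissions are the words between the braces.
        perms = $0
        sub(/^.*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
        gsub(/ /, ",", perms)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
            # Contexts are user:role:type[:level]; the type is field 3.
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, b, ":"); tgt = b[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (comm == want) n[src " " tgt " " cls " " perms]++
    }
    END { for (k in n) print n[k], k }' | sort
}

# On a host: summarize_denials winbindd < /var/log/audit/audit.log
sample_log | summarize_denials winbindd
```

Each output line is one distinct denial with its repeat count, which shows exactly which access the policy is refusing to winbindd.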