[Samba] SELinux and samba/winbind w/ADS on RHEL 4.6
This is a discussion on [Samba] SELinux and samba/winbind w/ADS on RHEL 4.6 within the Samba forums, part of the Networking and Network Related category; SELinux appears to be interfering with winbind's functionality. I have the lastest policy package installed: selinux-policy-targeted-1....
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
06-03-2008
|
|||
|
|||
[Samba] SELinux and samba/winbind w/ADS on RHEL 4.6
SELinux appears to be interfering with winbind's functionality.
I have the lastest policy package installed: selinux-policy-targeted-1.17.30-2.149 which allegedly solves this problem according to the RedHat knowledge base, but clearly does not. I have to turn off SELinux by using setenforce 0 (permissive) to get winbind to work at all, and based on what I see in the log files, disabling it completely is necessary to prevent all interference. Am I missing something? Are other folks having this problem? Regards, Thomas Leavitt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba 
|
|
06-04-2008
|
|||
|
|||
|
Re: [Samba] SELinux and samba/winbind w/ADS on RHEL 4.6
Hi,
I am not seeing this issue on RHEL4 update 6. but i am using samba-3.0.25b-1.el4_6.5 samba-common-3.0.25b-1.el4_6.5.i386 samba-client-3.0.25b-1.el4_6.5.i386 My sestatus is having as below <snip> [root@dhcp6-193 ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 18 Policy from config file:targeted Policy booleans: allow_syslog_to_console inactive allow_ypbind inactive dhcpd_disable_trans inactive httpd_builtin_scripting active httpd_disable_trans inactive httpd_enable_cgi active httpd_enable_homedirs active httpd_ssi_exec active httpd_tty_comm inactive httpd_unified active mysqld_disable_trans inactive named_disable_trans inactive named_write_master_zonesinactive nscd_disable_trans inactive ntpd_disable_trans inactive pegasus_disable_trans inactive portmap_disable_trans inactive postgresql_disable_transinactive snmpd_disable_trans inactive squid_disable_trans inactive syslogd_disable_trans inactive use_nfs_home_dirs inactive use_samba_home_dirs inactive use_syslogng inactive winbind_disable_trans inactive ypbind_disable_trans inactive </snip> When i joined the system to AD and restarted winbind, it did not give any selinux errors on /var/log/message, or console or /var/log/audit/audit.log <snip> [root@dhcp6-193 ~]# service winbind restart Shutting down Winbind services: [ OK ] Starting Winbind services: [ OK ] </snip> So can you paste your selinux messages, that you are getting, and the samba version. Or if you feel you can do the following , without making selinux to permissive or disabling it. #getsebool -P "winbind_disable_trans" = 1 Regards Niranjan On Tue, Jun 3, 2008 at 11:26 PM, Thomas Leavitt <tleavitt@unameits.com> wrote: > SELinux appears to be interfering with winbind's functionality. > > > > I have the lastest policy package installed: > > > > selinux-policy-targeted-1.17.30-2.149 > > > > which allegedly solves this problem according to the RedHat knowledge > base, but clearly does not. I have to turn off SELinux by using > setenforce 0 (permissive) to get winbind to work at all, and based on > what I see in the log files, disabling it completely is necessary to > prevent all interference. > > > > Am I missing something? Are other folks having this problem? > > > > Regards, > > Thomas Leavitt > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
|
|
06-04-2008
|
|||
|
|||
|
Re: [Samba] SELinux and samba/winbind w/ADS on RHEL 4.6
oops
In my previous post i made a typo #getsebool -P "winbind_disable_trans" = 1 it should be #setsebool -P "winbind_disable_trans" = 1 On Wed, Jun 4, 2008 at 10:25 AM, mallapadi niranjan < niranjan.ashok@gmail.com> wrote: > Hi, > > I am not seeing this issue on RHEL4 update 6. but i am using > > samba-3.0.25b-1.el4_6.5 > samba-common-3.0.25b-1.el4_6.5.i386 > samba-client-3.0.25b-1.el4_6.5.i386 > > My sestatus is having as below > > <snip> > [root@dhcp6-193 ~]# sestatus > SELinux status: enabled > SELinuxfs mount: /selinux > Current mode: enforcing > Mode from config file: enforcing > Policy version: 18 > Policy from config file:targeted > > Policy booleans: > allow_syslog_to_console inactive > allow_ypbind inactive > dhcpd_disable_trans inactive > httpd_builtin_scripting active > httpd_disable_trans inactive > httpd_enable_cgi active > httpd_enable_homedirs active > httpd_ssi_exec active > httpd_tty_comm inactive > httpd_unified active > mysqld_disable_trans inactive > named_disable_trans inactive > named_write_master_zonesinactive > nscd_disable_trans inactive > ntpd_disable_trans inactive > pegasus_disable_trans inactive > portmap_disable_trans inactive > postgresql_disable_transinactive > snmpd_disable_trans inactive > squid_disable_trans inactive > syslogd_disable_trans inactive > use_nfs_home_dirs inactive > use_samba_home_dirs inactive > use_syslogng inactive > winbind_disable_trans inactive > ypbind_disable_trans inactive > </snip> > > When i joined the system to AD and restarted winbind, it did not give any > selinux errors on /var/log/message, or console or /var/log/audit/audit.log > > <snip> > [root@dhcp6-193 ~]# service winbind restart > > Shutting down Winbind services: [ OK ] > Starting Winbind services: [ OK ] > </snip> > > So can you paste your selinux messages, that you are getting, and the samba > version. Or if you feel you can do the following , without making selinux > to permissive or disabling it. > > #getsebool -P "winbind_disable_trans" = 1 > > Regards > Niranjan > > > On Tue, Jun 3, 2008 at 11:26 PM, Thomas Leavitt <tleavitt@unameits.com> > wrote: > >> SELinux appears to be interfering with winbind's functionality. >> >> >> >> I have the lastest policy package installed: >> >> >> >> selinux-policy-targeted-1.17.30-2.149 >> >> >> >> which allegedly solves this problem according to the RedHat knowledge >> base, but clearly does not. I have to turn off SELinux by using >> setenforce 0 (permissive) to get winbind to work at all, and based on >> what I see in the log files, disabling it completely is necessary to >> prevent all interference. >> >> >> >> Am I missing something? Are other folks having this problem? >> >> >> >> Regards, >> >> Thomas Leavitt >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/listinfo/samba >> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
|
Linear Mode
