SELinux appears to be interfering with winbind's functionality.

I have the latest policy package installed:

selinux-policy-targeted-1.17.30-2.149

which allegedly solves this problem according to the RedHat knowledge base, but clearly does not. I have to turn off SELinux by using setenforce 0 (permissive) to get winbind to work at all, and based on what I see in the log files, disabling it completely is necessary to prevent all interference.

Am I missing something? Are other folks having this problem?

Regards,
Thomas Leavitt
mallapadi niranjan
2008-Jun-04 04:56 UTC
[Samba] SELinux and samba/winbind w/ADS on RHEL 4.6
Hi,

I am not seeing this issue on RHEL4 update 6, but I am using

samba-3.0.25b-1.el4_6.5
samba-common-3.0.25b-1.el4_6.5.i386
samba-client-3.0.25b-1.el4_6.5.i386

My sestatus output is as below:

<snip>
[root@dhcp6-193 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 18
Policy from config file:targeted

Policy booleans:
allow_syslog_to_console inactive
allow_ypbind inactive
dhcpd_disable_trans inactive
httpd_builtin_scripting active
httpd_disable_trans inactive
httpd_enable_cgi active
httpd_enable_homedirs active
httpd_ssi_exec active
httpd_tty_comm inactive
httpd_unified active
mysqld_disable_trans inactive
named_disable_trans inactive
named_write_master_zonesinactive
nscd_disable_trans inactive
ntpd_disable_trans inactive
pegasus_disable_trans inactive
portmap_disable_trans inactive
postgresql_disable_transinactive
snmpd_disable_trans inactive
squid_disable_trans inactive
syslogd_disable_trans inactive
use_nfs_home_dirs inactive
use_samba_home_dirs inactive
use_syslogng inactive
winbind_disable_trans inactive
ypbind_disable_trans inactive
</snip>

When I joined the system to AD and restarted winbind, it did not give any SELinux errors in /var/log/message, on the console, or in /var/log/audit/audit.log.

<snip>
[root@dhcp6-193 ~]# service winbind restart
Shutting down Winbind services: [ OK ]
Starting Winbind services: [ OK ]
</snip>

So can you paste the SELinux messages that you are getting, and the samba version?

Or, if you like, you can do the following without setting SELinux to permissive or disabling it:

# setsebool -P winbind_disable_trans=1

Regards
Niranjan

On Tue, Jun 3, 2008 at 11:26 PM, Thomas Leavitt <tleavitt@unameits.com> wrote:
> SELinux appears to be interfering with winbind's functionality.
>
> I have the latest policy package installed:
>
> selinux-policy-targeted-1.17.30-2.149
>
> which allegedly solves this problem according to the RedHat knowledge
> base, but clearly does not. I have to turn off SELinux by using
> setenforce 0 (permissive) to get winbind to work at all, and based on
> what I see in the log files, disabling it completely is necessary to
> prevent all interference.
>
> Am I missing something? Are other folks having this problem?
>
> Regards,
> Thomas Leavitt
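The reply above asks for the SELinux messages from the logs. The following is an added example, not part of the original thread: a shell function that pulls the AVC denials for winbindd out of audit-style log lines and groups them by permission, object class and target context. The sample log lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. The log lines below are constructed samples, not output
# from the systems discussed in this thread.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1212555001.101:41): avc:  denied  { read } for  pid=2301 comm="winbindd" name="smb.conf" dev=dm-0 ino=1001 scontext=root:system_r:winbind_t tcontext=system_u:object_r:etc_t tclass=file
type=SYSCALL msg=audit(1212555001.101:41): arch=40000003 syscall=5 success=no exit=-13 comm="winbindd"
type=AVC msg=audit(1212555002.202:42): avc:  denied  { read } for  pid=2302 comm="winbindd" name="smb.conf" dev=dm-0 ino=1001 scontext=root:system_r:winbind_t tcontext=system_u:object_r:etc_t tclass=file
type=AVC msg=audit(1212555003.303:43): avc:  denied  { name_connect } for  pid=2302 comm="winbindd" dest=389 scontext=root:system_r:winbind_t tcontext=system_u:object_r:ldap_port_t tclass=tcp_socket
type=AVC msg=audit(1212555004.404:44): avc:  denied  { getattr } for  pid=1800 comm="httpd" name="index.html" dev=dm-0 ino=2002 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
EOF
}

# Reads log lines on stdin and prints one line per distinct winbindd denial:
#   <count> <permissions> <tclass> <tcontext>
# sorted with the most frequent denial first.
summarize_winbind_avc() {
    awk '
    /avc:/ && /denied/ && /comm="winbindd"/ {
        perm = ""; tclass = ""; tctx = ""
        # The denied permissions sit between "{" and "}".
        s = index($0, "{"); e = index($0, "}")
        if (s > 0 && e > s) perm = substr($0, s + 1, e - s - 1)
        gsub(/^ +| +$/, "", perm)   # trim surrounding blanks
        gsub(/ +/, ",", perm)       # several permissions become a,b,c
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^tclass=/)   tclass = substr($i, 8)
            if ($i ~ /^tcontext=/) tctx   = substr($i, 10)
        }
        n[perm " " tclass " " tctx]++
    }
    END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2
}

# Demonstration on the constructed sample. On a real host, feed the log
# instead: summarize_winbind_avc < /var/log/audit/audit.log
sample_audit_log | summarize_winbind_avc
```

The grouped lines show which access is being denied to winbindd while the system stays in enforcing mode, which is the information the reply asks to be pasted.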