samba - Jun 2008 - SELinux and samba/winbind w/ADS on RHEL 4.6

SELinux appears to be interfering with winbind's functionality.

 

I have the lastest policy package installed:

 

selinux-policy-targeted-1.17.30-2.149

 

which allegedly solves this problem according to the RedHat knowledge
base, but clearly does not. I have to turn off SELinux by using
setenforce 0 (permissive) to get winbind to work at all, and based on
what I see in the log files, disabling it completely is necessary to
prevent all interference.

 

Am I missing something? Are other folks having  this problem?

 

Regards,

Thomas Leavitt

Hi,

I am not seeing this issue on RHEL4 update 6. but i am using

samba-3.0.25b-1.el4_6.5
samba-common-3.0.25b-1.el4_6.5.i386
samba-client-3.0.25b-1.el4_6.5.i386

My sestatus is having as below

<snip>
[root@dhcp6-193 ~]# sestatus
SELinux status:         enabled
SELinuxfs mount:        /selinux
Current mode:           enforcing
Mode from config file:  enforcing
Policy version:         18
Policy from config file:targeted

Policy booleans:
allow_syslog_to_console inactive
allow_ypbind            inactive
dhcpd_disable_trans     inactive
httpd_builtin_scripting active
httpd_disable_trans     inactive
httpd_enable_cgi        active
httpd_enable_homedirs   active
httpd_ssi_exec          active
httpd_tty_comm          inactive
httpd_unified           active
mysqld_disable_trans    inactive
named_disable_trans     inactive
named_write_master_zonesinactive
nscd_disable_trans      inactive
ntpd_disable_trans      inactive
pegasus_disable_trans   inactive
portmap_disable_trans   inactive
postgresql_disable_transinactive
snmpd_disable_trans     inactive
squid_disable_trans     inactive
syslogd_disable_trans   inactive
use_nfs_home_dirs       inactive
use_samba_home_dirs     inactive
use_syslogng            inactive
winbind_disable_trans   inactive
ypbind_disable_trans    inactive
</snip>

When i joined the system to AD and restarted winbind, it  did not give any
selinux errors on /var/log/message, or console or /var/log/audit/audit.log

<snip>
[root@dhcp6-193 ~]# service winbind restart

Shutting down Winbind services:                            [  OK  ]
Starting Winbind services:                                 [  OK  ]
</snip>

So can you paste your selinux messages, that you are getting, and the samba
version.  Or if you feel you can do the following ,  without making selinux
to permissive or disabling it.

#getsebool -P "winbind_disable_trans" = 1

Regards
Niranjan

On Tue, Jun 3, 2008 at 11:26 PM, Thomas Leavitt <tleavitt@unameits.com>
wrote:
> SELinux appears to be interfering with winbind's functionality.
>
>
>
> I have the lastest policy package installed:
>
>
>
> selinux-policy-targeted-1.17.30-2.149
>
>
>
> which allegedly solves this problem according to the RedHat knowledge
> base, but clearly does not. I have to turn off SELinux by using
> setenforce 0 (permissive) to get winbind to work at all, and based on
> what I see in the log files, disabling it completely is necessary to
> prevent all interference.
>
>
>
> Am I missing something? Are other folks having  this problem?
>
>
>
> Regards,
>
> Thomas Leavitt
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>