search for: apparmor

...w where you missing a setting or did a wrong setting, but this should all work out of the box. The PTR lookup responce with ip of the DC, should be hostname.fqdn. and not hostname. I've also had a good look at the debug script output again. That all looks ok to me so i'm wondering, if apparmor is in play here or systemd things. Im missing rules in apparmor, as shown below. You are using internal DNS and not Bind9_DLZ. ( base on smb.conf outputs ) so .. Can you run : cat /var/log/syslog | grep 'DENIED' And cat /var/log/auditd/auditd.log | grep 'DENIED' ( if auditd...

Hai, Becarefull with "apt-get remove apparmor". If you remove apparmor and mysql-server is installed on the same server, beware the you remove mysql-server also and re-installing mysql-server also installs apparmor. I experienced that multiple times with Ubuntu 16.04 and maybe there are more like this. The preffered way: Use the /...

Both ubuntu machines have iptables -L: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination And the windows server firewall off How can that happen to me... I am speechless Lin

...tting or did a wrong setting, > but this should all work out of the box. > > The PTR lookup responce with ip of the DC, should be hostname.fqdn. and not hostname. > > I've also had a good look at the debug script output again. > That all looks ok to me so i'm wondering, if apparmor is in play here or systemd things. > > Im missing rules in apparmor, as shown below. > You are using internal DNS and not Bind9_DLZ. ( base on smb.conf outputs ) so .. > > Can you run : > cat /var/log/syslog | grep 'DENIED' > And > cat /var/log/auditd/auditd.log | gr...

On 11/28/2017 11:11 AM, Robert Wooden wrote: > Dale, > > Been using Ubuntu server for years in my AD. Discovered a long time > ago that apparmor is not needed for a server. (Someone is probably > going to argue the other that is should be but . . .) > > Do not quote me but, I have read that AppArmor is intended more for a > desktop environment. I have always disabled and then removed AppArmor > and have never had any issue...

On 11/28/2017 2:38 AM, Rowland Penny via samba wrote: > On Mon, 27 Nov 2017 14:53:32 -0600 > Dale Schroeder via samba <samba at lists.samba.org> wrote: > >> Last week, Debian testing (Buster) added apparmor to the list of >> dependencies for its latest kernel release, apparently because >> systemd needs it.  Recently, I noticed my first casualty - bind9 - >> due to apparmor failures with bind_dlz. >> >> Knowing next to nothing about apparmor, what is needed to fix this, &...

...-cbc-md5 And does it work if you run it like this : samba-tool dns serverinfo athena -Uadministrator And test the following. hostname -s hostname -d nslookup $(hostname -f) dig A $(hostname -f) dig -x $(hostname -i) And can you show the output of : egrep -ri "samba|winbind" /etc/apparmor.d/* And maybe its an option to try the 4.10.6 package i supply. Debian buster packages are updated within 1-2 hours. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Robert A Wooldridge via samba > Verzonden: don...

On 11/05/2020 15:24, L. van Belle via samba wrote: > For all Debian 10 people and strange things after upgrade of debian. > > > apt remove apparmor > > Next debian upgrade use : apt dist-upgrade --no-install-recomends > That wont install apparmor. Ah, now I think about it, this came up on the Devuan mailing list, Debian seems to have gone mad and now installs every recommended package. This is breaking lots of working systems. Row...

...ists.samba.org> wrote: > >> >> On 11/28/2017 2:38 AM, Rowland Penny via samba wrote: >>> On Mon, 27 Nov 2017 14:53:32 -0600 >>> Dale Schroeder via samba <samba at lists.samba.org> wrote: >>> >>>> Last week, Debian testing (Buster) added apparmor to the list of >>>> dependencies for its latest kernel release, apparently because >>>> systemd needs it.  Recently, I noticed my first casualty - bind9 - >>>> due to apparmor failures with bind_dlz. >>>> >>>> Knowing next to nothing about...

Hai,  Normaly i kick in sooner but im in bed fit by flu. :-(  You have to add the bind paths to the apparmor profile, or disable apparmor in total, just dont remove it, should work also. debian wiki or ubuntu wiki shows how.  But why are you using buster, imo really not safe,  if you wany a 4.7 for stretch use my apt. When im better i can have a look into your problem more closely. greetz Louis.....

...to the other (until >> I get Bind running.) >> >> I have searched log complaints. Compared settings between the two >> machines and despite bind running on the first one, cannot get bind to >> run on the second. >> >> root at dtdc03:~# systemctl restart apparmor.service >> root at dtdc03:~# systemctl status apparmor.service >> ● apparmor.service - LSB: AppArmor initialization >> Loaded: loaded (/etc/init.d/apparmor; bad; vendor preset: enabled) >> Active: active (exited) since Sun 2016-10-16 12:14:58 CDT; 13s ago >> Docs: man:...

...king fine. At the moment this (second) machine is not joined to the other (until I get Bind running.) I have searched log complaints. Compared settings between the two machines and despite bind running on the first one, cannot get bind to run on the second. root at dtdc03:~# systemctl restart apparmor.service root at dtdc03:~# systemctl status apparmor.service ● apparmor.service - LSB: AppArmor initialization Loaded: loaded (/etc/init.d/apparmor; bad; vendor preset: enabled) Active: active (exited) since Sun 2016-10-16 12:14:58 CDT; 13s ago Docs: man:systemd-sysv-generator(8) Proces...

On Tue, 28 Nov 2017 11:24:58 -0600 Dale Schroeder <dale at BriannasSaladDressing.com> wrote: > On 11/28/2017 11:11 AM, Robert Wooden wrote: > > Dale, > > > > Been using Ubuntu server for years in my AD. Discovered a long time > > ago that apparmor is not needed for a server. (Someone is probably > > going to argue the other that is should be but . . .) > > > > Do not quote me but, I have read that AppArmor is intended more for > > a desktop environment. I have always disabled and then removed > > AppArmor and h...

Of course, this really isn't "the problem". Nothing wrong with apparmor or selinux. The problem is assuming a "one set of rules fits all" mentality. I actually like apparmor. But maybe if people knew how to use it to make their own policies instead of accepting (note: In this case the "accept" is through the distribution's install) the ass...

Last week, Debian testing (Buster) added apparmor to the list of dependencies for its latest kernel release, apparently because systemd needs it.  Recently, I noticed my first casualty - bind9 - due to apparmor failures with bind_dlz. Here is the initial journalctl results: Nov 23 10:12:12 debpdc named[16080]: starting BIND 9.10.6-Debian &lt...

Hi guys, I want to enable apparmor security driver for my libvirt env with ubuntu os. What I do is as following: First, I got the source code and compile it. ubuntu@ubuntu:~/github$git clone git://libvirt.org/libvirt.git ubuntu@ubuntu:~/github/libvirt$ dpkg -l|grep apparmor ii apparmor 2.8.95~2430-0ubuntu5 amd64 User-space parser...

Dale, Been using Ubuntu server for years in my AD. Discovered a long time ago that apparmor is not needed for a server. (Someone is probably going to argue the other that is should be but . . .) Do not quote me but, I have read that AppArmor is intended more for a desktop environment. I have always disabled and then removed AppArmor and have never had any issues. Of course I am behind a...

...ibute containing a number inside > 10000-999999 ? > > Yes. It's a fresh AD. 2 users at the moment. And as mentioned, I've been only using the Administrator so far. Does Domain Users have a gidNumber attribute containing a number inside > 10000-999999 ? > > Yes, 10000. Is Apparmor (or Selinux) running and denying access ? No Selinux present. As for Apparmor, it doesn't look like it. ubuntu at fs1:/$ sudo apparmor_status apparmor module is loaded. 9 profiles are loaded. 9 profiles are in enforce mode. /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/Networ...

...ba <samba at lists.samba.org> wrote: > > > On 11/28/2017 2:38 AM, Rowland Penny via samba wrote: > > On Mon, 27 Nov 2017 14:53:32 -0600 > > Dale Schroeder via samba <samba at lists.samba.org> wrote: > > > >> Last week, Debian testing (Buster) added apparmor to the list of > >> dependencies for its latest kernel release, apparently because > >> systemd needs it.  Recently, I noticed my first casualty - bind9 - > >> due to apparmor failures with bind_dlz. > >> > >> Knowing next to nothing about apparmor, what...

...================================================================================================================================================================================================== > > > > > > > > > > > > Initially I thought "oh no, not another AppArmor block". > > > > > > > > > > > > But then surely the second message would not appear if the DNS lookup was not successful ? > > > > > > > > > > > > Also "dig foobar.example.com" works fine. > > > > &gt...