similar to: Samba4, bind9 and apparmor on Ubuntu

Displaying 20 results from an estimated 8000 matches similar to: "Samba4, bind9 and apparmor on Ubuntu"

2016 Oct 16
2
bind9 won't run
I am working on my second Ubuntu 16.04.1LTS running Samba 4.5.0 with Bind9_DLZ. I have one machine just like this one. Same hardware, same software setup. First machine is working fine. At the moment this (second) machine is not joined to the other (until I get Bind running.) I have searched log complaints. Compared settings between the two machines and despite bind running on the first one,
2016 Oct 16
1
bind9 won't run
On 2016-10-16 12:55, Rowland Penny via samba wrote: > On Sun, 16 Oct 2016 12:38:00 -0500 > Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote: > >> I am working on my second Ubuntu 16.04.1LTS running Samba 4.5.0 with >> Bind9_DLZ. >> >> I have one machine just like this one. Same hardware, same software >> setup. First machine is
2019 May 05
1
Issues with bind9 dlz
Hi Rowland, The samba-tool dns zonelist 127.0.0.1 -U Administrator%xxxxxxxxxx | grep 'pszZoneName', gives Using binding ncacn_ip_tcp:127.0.0.1[,sign] Mapped to DCERPC endpoint 135 added interface eth0 ip=192.168.117.10 bcast=192.168.14.255 netmask=255.255.255.0 added interface eth0 ip=192.168.117.10 bcast=192.168.14.255 netmask=255.255.255.0 Mapped to DCERPC endpoint 1024 added interface
2012 Jan 08
1
hooks not working on Ubuntu
Hi everybody! I was trying to set up port forwarding to one of my VM's but I'm stuck. I was following this guide: http://wiki.libvirt.org/page/Networking#Forwarding_Incoming_Connections So I've created the hook script but it seems like libvirt is not calling it upon the start of the VM. I've put this into the hook script: date >> /tmp/libvirt-hook-debug but the file was
2019 May 06
3
Doman join issues
On Mon, 6 May 2019 09:47:44 +0000 Praveen Ghimire via samba <samba at lists.samba.org> wrote: > Hi Louis, > > Thank you for that. > > I don’t have a /var/lib/samba/bind-dns/dns/ , only > have /var/lib/samba/private/dns. > > Apparmor is now stopped and masked. I had masked the smbd and nmbd > post the migration, have masked the winbind now. > > Have
2019 May 06
2
Doman join issues
Hai, 1) apparmor, disable it, and try again, so we can confirm if its an apparmor settings. 2) winbind is starting from systemd while as AD-DC you should disable that. - stop the member parts of samba and systemd. systemctl stop winbind smbd nmbd samba systemctl disable winbind smbd nmbd samba systemctl mask winbind smbd nmbd samba - enable the samba-ad-dc part in systemd.
2017 Nov 28
2
Debian Buster, bind_dlz, and apparmor
On 11/28/2017 2:38 AM, Rowland Penny via samba wrote: > On Mon, 27 Nov 2017 14:53:32 -0600 > Dale Schroeder via samba <samba at lists.samba.org> wrote: > >> Last week, Debian testing (Buster) added apparmor to the list of >> dependencies for its latest kernel release, apparently because >> systemd needs it.  Recently, I noticed my first casualty - bind9 - >>
2017 Nov 27
2
Debian Buster, bind_dlz, and apparmor
Last week, Debian testing (Buster) added apparmor to the list of dependencies for its latest kernel release, apparently because systemd needs it.  Recently, I noticed my first casualty - bind9 - due to apparmor failures with bind_dlz. Here is the initial journalctl results: Nov 23 10:12:12 debpdc named[16080]: starting BIND 9.10.6-Debian <id:9d1ea0b> -f -u bind Nov 23 10:12:12 debpdc
2019 Apr 11
1
failed: read(/var/run/dovecot/dns-client)
??????? Original Message ??????? On Thursday, April 11, 2019 9:01 PM, John Fawcett via dovecot <dovecot at dovecot.org> wrote: > On 11/04/2019 10:02, Laura Smith via dovecot wrote: > > > ??????? Original Message ??????? > > On Thursday, April 11, 2019 12:55 AM, John Fawcett via dovecot dovecot at dovecot.org wrote: > > > > > On 11/04/2019 00:51, Laura Smith
2017 Nov 28
2
Debian Buster, bind_dlz, and apparmor
Hai,  Normaly i kick in sooner but im in bed fit by flu. :-(  You have to add the bind paths to the apparmor profile, or disable apparmor in total, just dont remove it, should work also. debian wiki or ubuntu wiki shows how.  But why are you using buster, imo really not safe,  if you wany a 4.7 for stretch use my apt. When im better i can have a look into your problem more closely. greetz
2017 Nov 28
2
Debian Buster, bind_dlz, and apparmor
On 11/28/2017 9:02 AM, Rowland Penny wrote: > On Tue, 28 Nov 2017 08:37:22 -0600 > Dale Schroeder via samba <samba at lists.samba.org> wrote: > >> >> On 11/28/2017 2:38 AM, Rowland Penny via samba wrote: >>> On Mon, 27 Nov 2017 14:53:32 -0600 >>> Dale Schroeder via samba <samba at lists.samba.org> wrote: >>> >>>> Last week,
2017 Nov 28
2
Debian Buster, bind_dlz, and apparmor
On 11/28/2017 11:11 AM, Robert Wooden wrote: > Dale, > > Been using Ubuntu server for years in my AD. Discovered a long time > ago that apparmor is not needed for a server. (Someone is probably > going to argue the other that is should be but . . .) > > Do not quote me but, I have read that AppArmor is intended more for a > desktop environment. I have always disabled and
2008 Feb 06
1
[PATCH 1/4] btrfs: Add workaround for AppArmor changing remove_suid() prototype
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In openSUSE 10.3, AppArmor modifies remove_suid to take a struct path rather than just a dentry. This patch tests that the kernel is openSUSE 10.3 or newer and adjusts the call accordingly. Debian/Ubuntu with AppArmor applied will also need a similar patch. Maintainers of btrfs under those distributions should build on this patch or,
2016 Oct 16
0
bind9 won't run
On Sun, 16 Oct 2016 12:38:00 -0500 Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote: > I am working on my second Ubuntu 16.04.1LTS running Samba 4.5.0 with > Bind9_DLZ. > > I have one machine just like this one. Same hardware, same software > setup. First machine is working fine. > > At the moment this (second) machine is not joined to the other
2019 May 15
2
Workstations cannot update DNS
> From: Rowland penny via samba <samba at lists.samba.org> > To: samba at lists.samba.org > Date: 05/14/2019 02:50 PM > Subject: Re: [Samba] Workstations cannot update DNS > Sent by: "samba" <samba-bounces at lists.samba.org> > > On 14/05/2019 21:36, Durwin via samba wrote: > > I am trying to get DDNS working, so workstations can update their ip.
2013 Aug 26
2
How to deal with LXC cgroup access control with apparmor ?
I am playing with libvirt 1.1.1 (lxc) when I was starting a LXC container, the process location of cgroup is pretty , just the root directory from the process. But I could tune the cgroup in a container as an user that logged, This is not accepted... I wonder how to restrict it with apparmor ,so one can not modify files in the cgroup fs, e.g the cpus or mem, if i restrict it with "deny
2015 Sep 03
3
BIND 9.9 apparmor rules with Samba
Hi Current wiki suggestion (https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD#Interaction_with_AppArmor_or_SELinux) is to add the following to /etc/apparmor.d/local/usr.sbin.named # Samba4 DLZ and Active Directory Zones (default source installation) /usr/local/samba/lib/** rm, /usr/local/samba/private/dns.keytab r, /usr/local/samba/private/named.conf r,
2018 Mar 16
1
Dovecot on Debian Stretch with AppArmor
Hello all, I am using dovecot on Debian stretch, with AppArmor, and I have this audit log: Mar 16 11:25:10 mail kernel: audit: type=1400 audit(1521199510.705:580): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/auth" name="var/cache/nscd/hosts" pid=26797
2019 May 04
2
Issues with bind9 dlz
Hi Rowland, Thank you. I think the 5 zones maybe a parsing issues somewhere. Also, the realms are in capital, must have been a typo. The UFW has been disabled and selinux is in a disbaled state /etc/bind/named.conf.options has options { directory "/var/cache/bind"; // If there is a firewall between you and nameservers you want // to talk to, you may need to
2019 May 14
2
Workstations cannot update DNS
I am trying to get DDNS working, so workstations can update their ip. The domain is msi.mycompany.com The DC server works, as well as group policies. I set rights to these files > chgrp bind /var/lib/samba/private/ > chmod 750 /var/lib/samba/private/ > chgrp bind /var/lib/samba/private/dns.keytab > chmod 640 /var/lib/samba/private/dns.keytab journalctl shows this. May 14 14:22:32