similar to: Samba4, bind9 and apparmor on Ubuntu

I am working on my second Ubuntu 16.04.1LTS running Samba 4.5.0 with Bind9_DLZ. I have one machine just like this one. Same hardware, same software setup. First machine is working fine. At the moment this (second) machine is not joined to the other (until I get Bind running.) I have searched log complaints. Compared settings between the two machines and despite bind running on the first one,

On 2016-10-16 12:55, Rowland Penny via samba wrote: > On Sun, 16 Oct 2016 12:38:00 -0500 > Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote: > >> I am working on my second Ubuntu 16.04.1LTS running Samba 4.5.0 with >> Bind9_DLZ. >> >> I have one machine just like this one. Same hardware, same software >> setup. First machine is

Hi Rowland, The samba-tool dns zonelist 127.0.0.1 -U Administrator%xxxxxxxxxx | grep 'pszZoneName', gives Using binding ncacn_ip_tcp:127.0.0.1[,sign] Mapped to DCERPC endpoint 135 added interface eth0 ip=192.168.117.10 bcast=192.168.14.255 netmask=255.255.255.0 added interface eth0 ip=192.168.117.10 bcast=192.168.14.255 netmask=255.255.255.0 Mapped to DCERPC endpoint 1024 added interface

Hi everybody! I was trying to set up port forwarding to one of my VM's but I'm stuck. I was following this guide: http://wiki.libvirt.org/page/Networking#Forwarding_Incoming_Connections So I've created the hook script but it seems like libvirt is not calling it upon the start of the VM. I've put this into the hook script: date >> /tmp/libvirt-hook-debug but the file was

On Mon, 6 May 2019 09:47:44 +0000 Praveen Ghimire via samba <samba at lists.samba.org> wrote: > Hi Louis, > > Thank you for that. > > I don’t have a /var/lib/samba/bind-dns/dns/ , only > have /var/lib/samba/private/dns. > > Apparmor is now stopped and masked. I had masked the smbd and nmbd > post the migration, have masked the winbind now. > > Have

Hai, 1) apparmor, disable it, and try again, so we can confirm if its an apparmor settings. 2) winbind is starting from systemd while as AD-DC you should disable that. - stop the member parts of samba and systemd. systemctl stop winbind smbd nmbd samba systemctl disable winbind smbd nmbd samba systemctl mask winbind smbd nmbd samba - enable the samba-ad-dc part in systemd.

On 11/28/2017 2:38 AM, Rowland Penny via samba wrote: > On Mon, 27 Nov 2017 14:53:32 -0600 > Dale Schroeder via samba <samba at lists.samba.org> wrote: > >> Last week, Debian testing (Buster) added apparmor to the list of >> dependencies for its latest kernel release, apparently because >> systemd needs it.  Recently, I noticed my first casualty - bind9 - >>

Last week, Debian testing (Buster) added apparmor to the list of dependencies for its latest kernel release, apparently because systemd needs it.  Recently, I noticed my first casualty - bind9 - due to apparmor failures with bind_dlz. Here is the initial journalctl results: Nov 23 10:12:12 debpdc named[16080]: starting BIND 9.10.6-Debian <id:9d1ea0b> -f -u bind Nov 23 10:12:12 debpdc

??????? Original Message ??????? On Thursday, April 11, 2019 9:01 PM, John Fawcett via dovecot <dovecot at dovecot.org> wrote: > On 11/04/2019 10:02, Laura Smith via dovecot wrote: > > > ??????? Original Message ??????? > > On Thursday, April 11, 2019 12:55 AM, John Fawcett via dovecot dovecot at dovecot.org wrote: > > > > > On 11/04/2019 00:51, Laura Smith

Hai,  Normaly i kick in sooner but im in bed fit by flu. :-(  You have to add the bind paths to the apparmor profile, or disable apparmor in total, just dont remove it, should work also. debian wiki or ubuntu wiki shows how.  But why are you using buster, imo really not safe,  if you wany a 4.7 for stretch use my apt. When im better i can have a look into your problem more closely. greetz

On 11/28/2017 9:02 AM, Rowland Penny wrote: > On Tue, 28 Nov 2017 08:37:22 -0600 > Dale Schroeder via samba <samba at lists.samba.org> wrote: > >> >> On 11/28/2017 2:38 AM, Rowland Penny via samba wrote: >>> On Mon, 27 Nov 2017 14:53:32 -0600 >>> Dale Schroeder via samba <samba at lists.samba.org> wrote: >>> >>>> Last week,

On 11/28/2017 11:11 AM, Robert Wooden wrote: > Dale, > > Been using Ubuntu server for years in my AD. Discovered a long time > ago that apparmor is not needed for a server. (Someone is probably > going to argue the other that is should be but . . .) > > Do not quote me but, I have read that AppArmor is intended more for a > desktop environment. I have always disabled and

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In openSUSE 10.3, AppArmor modifies remove_suid to take a struct path rather than just a dentry. This patch tests that the kernel is openSUSE 10.3 or newer and adjusts the call accordingly. Debian/Ubuntu with AppArmor applied will also need a similar patch. Maintainers of btrfs under those distributions should build on this patch or,

On Sun, 16 Oct 2016 12:38:00 -0500 Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote: > I am working on my second Ubuntu 16.04.1LTS running Samba 4.5.0 with > Bind9_DLZ. > > I have one machine just like this one. Same hardware, same software > setup. First machine is working fine. > > At the moment this (second) machine is not joined to the other

> From: Rowland penny via samba <samba at lists.samba.org> > To: samba at lists.samba.org > Date: 05/14/2019 02:50 PM > Subject: Re: [Samba] Workstations cannot update DNS > Sent by: "samba" <samba-bounces at lists.samba.org> > > On 14/05/2019 21:36, Durwin via samba wrote: > > I am trying to get DDNS working, so workstations can update their ip.

I am playing with libvirt 1.1.1 (lxc) when I was starting a LXC container, the process location of cgroup is pretty , just the root directory from the process. But I could tune the cgroup in a container as an user that logged, This is not accepted... I wonder how to restrict it with apparmor ,so one can not modify files in the cgroup fs, e.g the cpus or mem, if i restrict it with "deny

Hi Current wiki suggestion (https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD#Interaction_with_AppArmor_or_SELinux) is to add the following to /etc/apparmor.d/local/usr.sbin.named # Samba4 DLZ and Active Directory Zones (default source installation) /usr/local/samba/lib/** rm, /usr/local/samba/private/dns.keytab r, /usr/local/samba/private/named.conf r,

Hello all, I am using dovecot on Debian stretch, with AppArmor, and I have this audit log: Mar 16 11:25:10 mail kernel: audit: type=1400 audit(1521199510.705:580): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/auth" name="var/cache/nscd/hosts" pid=26797

Hi Rowland, Thank you. I think the 5 zones maybe a parsing issues somewhere. Also, the realms are in capital, must have been a typo. The UFW has been disabled and selinux is in a disbaled state /etc/bind/named.conf.options has options { directory "/var/cache/bind"; // If there is a firewall between you and nameservers you want // to talk to, you may need to

I am trying to get DDNS working, so workstations can update their ip. The domain is msi.mycompany.com The DC server works, as well as group policies. I set rights to these files > chgrp bind /var/lib/samba/private/ > chmod 750 /var/lib/samba/private/ > chgrp bind /var/lib/samba/private/dns.keytab > chmod 640 /var/lib/samba/private/dns.keytab journalctl shows this. May 14 14:22:32