similar to: Experience getting winbind Active Directory login on a Samba 4 domain controller

On 10/03/2017 11:32 AM, ToddAndMargo via samba wrote: > On 10/03/2017 05:33 AM, Rowland Penny via samba wrote: >> Sorry if some of these sound like teaching your grandmother to suck >> eggs, but it is better to say them than not;-) >> >> Rowland > > Hi Rowland, > >    I appreciate the the help!  You did exactly what I > ask for, which was to let it rip.

Hi Leon, I don't have access to a CentOS 6.10 system handy, but it looks like a policy issue. If I take you're ausearch output and pipe it to audit2allow on my CentOS 7.6 system, I get the following: #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t httpd_sys_script_t:process signull; Noting that on my 7.6 system with selinux enforcing

Hi All, You please look over my smb.conf and make criticism as appropriate? This is a workgroup server. winbind is running DDNS is also running (DNS [bind] talks to DHCPd) Many thanks, -T Tony Ewell, B.S.E.E. Owner, Rent-A-Nerd Computer Services 775-265-5150, 9:00 am to 5:00 pm PST/PDT Warning, this is long winded! <smb.conf> ; To test this file: # testparm ; To operate with XP,

Hey guys, I've been getting some strange selinux messages after the 5.3 upgrade. It appears as though my mail system (postfix) is constantly trying to access the rpm database? Here's the audit messages (I tend to look at my selinux messages using audit2allow < /var/log/audit.log as I find it easier to read quickly): allow postfix_postdrop_t rpm_t:tcp_socket { read write }; allow

On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: > Quick?n?(really) dirty SELinux howto: Alternate process: 1: setenforce permissive 2: tail -f /var/log/audit/audit.log | grep AVC 3: use the service, exercise each function that's constrained by the existing policy 4: copy and paste the output from the terminal used for #2 into "audit2allow -M <modulename>" 5:

On 04/25/2017 06:45 PM, Gordon Messmer wrote: > On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: >> Quick?n?(really) dirty SELinux howto: > > > Alternate process: > > 1: setenforce permissive > 2: tail -f /var/log/audit/audit.log | grep AVC > 3: use the service, exercise each function that's constrained by the > existing policy > 4: copy and paste the

Gordon, Thank you for your help on this. Still not working... On 04/26/2017 06:27 PM, Gordon Messmer wrote: > On 04/26/2017 12:29 AM, Robert Moskowitz wrote: >> But the policy generates errors. I will have to submit a bug report, >> it seems > > > A bug report would probably be helpful. > > I'm looking back at the message you wrote describing errors in >

Hello, I'm trying to run Nagios 3.0.6 on CentOS 5.2 with SELinux in enforcing mode but it is not working. I'm using the following packages: httpd-2.2.3-11.el5_2.centos.4 nagios-3.0.6-1.el5.rf nagios-plugins-1.4.12-1.el5.rf I followed the steps bellow to try to create a selinux policy to Nagios but it is failing. Any help, please? # setenforce Permissive # service nagios start #

CentOS-6.6 We have sshd chroot working, mostly, for a particular groupid. However, we have two things that remain u/s, no doubt due to some omission on my part. Basically, we would like our users to be able to tunnel their https over the ssh connection to this server and be able to do X11 forwarding as well. At the moment both work when the user connects without chroot and neither works if

Hey guys, I've got another C7 problem I was hoping to solve. I installed appdynamics-php-agent-4.0.5.0-1.x86_64 on a C7.1 host. It's failing to communicate with it's controller on another host. And this is the interesting part. Whether or not I have SELinux enabled, I have apache reporting SELinux problems. [root at web1:~] #getenforce Permissive May 10 20:47:56 web1 python[25735]:

Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit : > Thanks Laurent. You obviously know a LOT more about SELinux than I. I > pretty much just use commands and not build policies. So I need some > more information here. > > From what you provided below, how do I determine what is currently in > place and how do I add your stuff (changing postgresql with

On 04/25/2017 06:45 PM, Gordon Messmer wrote: > On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: >> Quick?n?(really) dirty SELinux howto: > > > Alternate process: > > 1: setenforce permissive > 2: tail -f /var/log/audit/audit.log | grep AVC > 3: use the service, exercise each function that's constrained by the > existing policy > 4: copy and paste the

Hello all... I maintain an amateurish email list for my wife's website on my CentOS 6 server. Once-a-month, she sends mail to "mylistaddr at mydomain.com" and the /etc/aliases file redirects that to my script: mylistaddr: "| /usr/bin/php-cgi /var/www/html/mydomain/email-cgi.php" The script, in turn, reads the recipient addresses out of a DB and composes and sends the

On 3/22/23 12:45, Laszlo Ersek wrote: > On 3/22/23 12:42, Daniel P. Berrang? wrote: >> On Wed, Mar 22, 2023 at 12:13:49PM +0100, Laszlo Ersek wrote: >>> On 3/22/23 11:42, Laszlo Ersek wrote: >>> >>>> Now the "podman build -f ci/containers/alpine-edge.Dockerfile -t >>>> libnbd-alpine-edge" command is failing with a different error

Hello, I'm using HP homeserver where host system run CentOS 6.3 with KVM virtualization with SELinux enabled, guests too run the same OS (but without SELinux, but this does not matter). Host system installed on mirrors based on sda and sdb physical disks. sd{c..f} disks attached to KVM guest (whole disks, not partitions; needed to use zfs (zfsonlinux) benefit features). Problem is that disks

On 04/25/2017 11:12 AM, Laurent Wandrebeck wrote: > Le mardi 25 avril 2017 ? 11:07 +0200, Robert Moskowitz a ?crit : >> On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote: >>> Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit : >>>> Thanks Laurent. You obviously know a LOT more about SELinux than I. I >>>> pretty much just use commands and not

Am 11.04.2020 um 13:00 schrieb Andrei Petru Mura: > Hi, > > After configuring systemd unit with ReadWritePaths=/home/mail, I get the > following error logs in audit: > type=AVC msg=audit(1586604621.637:6736): avc: denied { write } for > pid=12750 comm="imap" name="Maildir" dev="dm-3" ino=438370738 > scontext=system_u:system_r:dovecot_t:s0

Hello, After a yum update last night, I had a CenOS 5.4 i386 system pull in the following selinux updates: Jan 07 21:39:14 Updated: selinux-policy-2.4.6-255.el5_4.3.noarch Jan 07 21:39:31 Updated: selinux-policy-targeted-2.4.6-255.el5_4.3.noarch This machine has SELinux set to Enforcing. This morning, I see I got the following email from Cron: /etc/cron.daily/0logwatch: sendmail: warning:

> On 11/04/2020 15:57 Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > > > On 11/04/2020 15:47 Alex JOST < jost+lists at dimejo.at> wrote: > > > > > > > > > > Am 11.04.2020 um 13:00 schrieb Andrei Petru Mura: > > > Hi, > > > > > > > > > After configuring systemd unit with

Restarting one of our named services produces this entry in the system log file: Oct 12 08:47:45 inet08 setroubleshoot: SELinux is preventing /usr/sbin/named from search access on the directory . For complete SELinux messages. run sealert -l 9eabadb9-0e03-4238-bdb8-c5204333a0bf Checking the selinux incident reference shows this: # sealert -l 9eabadb9-0e03-4238-bdb8-c5204333a0bf SELinux is