similar to: CentOS 7, samba-4.4.4-14.el7_3 and openldap-2.4.40-13.el7 -- file permissions?

Ever since a recent power failure I have been getting a Logrotate error. My machine is on a UPS -- it shutdown cleanly, but I suspect that its BIOS/RTC battery is dead, since the machine came up thinking it was 1982 :-(. I reset the clock and everything is fine, *except* I had to delete Logrotate's state files (which had bad dates). But now Logrotate is raising the error: error: error

Hello All, I set up ltsp regulary, on Centos6 machines. This morning I have a Selinux problem that usualy does not occur: after setting everything up, the thinclients boot, but nobody can login. It only works after the command : # echo 0 > /selinux/enforce I tried this semanage command: # semanage fcontext -a -t bin_t /usr/bin/xauth but it makes no difference. The message I'm now

-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt > On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote: > > What does ls -lZ /etc/pki/dovecot/private/mailserver.crt say? > > Bill > > On 10/7/2017 7:30 PM, SH Development wrote: >> I have a working dovecot/postfix/mysql server running

The context should be: system_u:object_r:dovecot_cert_t:s0 Try: restorecon -v /etc/pki/dovecot/private/mailserver.crt Bill On 10/8/2017 1:06 AM, SH Development wrote: > -rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt > > >> On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote: >> >>

Not a problem ... sharing a solution (this time)! Please correct my understanding of the process, if required. "i_stream_read() failed: Permission denied" is an error message generated when a large-ish file (>128kb in my case) is attached to a message that has been passed to Dovecot's deliver program when SELinux is being enforced. In my case, these messages are first run

Hi. I'm trying to setup squid with SELinux, the problem i encounter is taht i want to add another directory for cache, in this system we have a home partition with huge space, i create a squid dir and add the path with semanage: semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?' i check the files and are in the good context: drwxr-xr-x squid squid

Something like this. But this link has no info that I need. On the roadmap: https://wiki.samba.org/index.php/Roadmap There is information <https://wiki.samba.org/index.php/Samba4/LDAP_Backend#.28De.29motivation> about general purpose LDAP server as the backend (e.g. openLDAP). But that's not what i was looking for. I looking for status of `passdb backend = ldapsam` feature. This

Hi, Please help me identify what additional is to be done. On 4 Dec 2017 15:10, "Arjit Gupta" <arjitk.gupta at gmail.com> wrote: > Hi, > > I have enabled ldap ssl on Windows 2008 server active directory and want > to join ads domain with net ads join command. > > I am getting below error:- > net ads join -U Administrator >

Hi, I have enabled ldap ssl on Windows 2008 server active directory and want to join ads domain with net ads join command. I am getting below error:- net ads join -U Administrator ldap_url_parse_ext(ldap://localhost/) ldap_init: trying /etc/ldap/ldap.conf ldap_init: using /etc/ldap/ldap.conf ldap_init: HOME env is /root ldap_init: trying /root/ldaprc ldap_init: trying /root/.ldaprc ldap_init:

Hi, Any one any suggestion how to make this work. This issue is reported in ubuntu bug 1576799 <https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1576799?comments=all> earlier But the solution suggested of replacing ldap ssl ads = Yes to ldap server require strong auth = Yes leaves communication in plain format. Arjit Kumar 9650104435 On Tue, Dec 5, 2017 at 12:18 PM, Arjit Gupta

Hi, On checking it further. I observe below message from net ads command. LDAP] TLS: hostname (*X.X.X.X*) does not match common name in certificate ( win.cifs.com). [LDAP] ldap_err2string Failed to issue the StartTLS instruction: Connect error I am able to fetch data successfully from ldapsearch command. It seems samba is connecting to ldap with IP but in client certificate domain name is

Hi, I have modified my /etc/ldap/ldap.conf cat /etc/ldap/ldap.conf #TLS_REQCERT HARD TLS_REQCERT ALLOW TLS_CACERT /etc/ssl/certs/msadmaster.pem After above changes net ads is succesfull with ssl/tls I have verified at Windows AD DC end that TLS is being used for communication with the help of wireshark. Though i am not sure what is impact of changing TLS_REQCERT to ALLOW from HARD

Installed Packages Name : postfix Arch : x86_64 Epoch : 2 Version : 2.6.6 Release : 6.el6_5 Size : 9.7 M Repo : installed >From repo : updates I am seeing several of these in our maillog file after a restart of the Postfix service: Apr 23 12:48:27 inet08 setroubleshoot: SELinux is preventing /usr/libexec/postfix/smtp from 'read, write'

Hi, I've done the following: - Copy usr content with rsync to another partition: rsync -av --partial --progress /usr/ /mnt Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not the directory itself). But I've found that is bad labeled: ls -Z /usr unconfined_u:object_r:unlabeled_t:s0 bin unconfined_u:object_r:unlabeled_t:s0 local unconfined_u:object_r:unlabeled_t:s0

I have a Samba 4 NT4 PDC (Version 4.1.17-Debian) with openLDAP. I would like to add another server, and have it authenticate users against openLDAP. I thought I had to add the new server to the domain with "net rpc join", but that seems to think I want to join an AD domain, and fails: # net rpc join -U root%mypassword No realm has been specified! Do you really want to join

On 2/4/20 9:59 AM, Sergio Belkin wrote: > Hi, > I've done the following: > - Copy usr content with rsync to another partition: > > rsync -av --partial --progress /usr/ /mnt > > Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not > the directory itself). But I've found that is bad labeled: > > ls -Z /usr >

Am 24.10.2016 um 23:44 schrieb Gordon Messmer <gordon.messmer at gmail.com>: > On 10/24/2016 09:53 AM, Leon Fauster wrote: >> Any suggestions to avoid the default labeling "unconfined_u:object_r:locale_t:s0"? > > > Not off the top of my head. I think you need to either a) not try to preserve the labels or b) run the backup as a user which can manage labels.

I generated a new host key for one of our systems using: ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key_4096 I then ran 'ls -Z on the keys' ll -Z *key* -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key -rw-r--r--. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key.pub -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key -rw-r--r--. root

Hello, how do people cope with constant SELinux errors like this from Fusion Passenger: 36886. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 file open system_u:system_r:udev_t:s0-s0:c0.c1023 denied 1922 36887. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 4 dir getattr unconfined_u:system_r:initrc_t:s0 denied 1927 36888. 03/27/2013 14:20:05 ps

Hello, can any tell me the correct selinux Settings for the Maildir Setting ? in the Moment I have this setting Jan 8 15:04:52 2017 from 192.168.100.100 [root at mx03 ~]# ls -Z /srv/vmail drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.com drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.at drwx------. vmail vmail