Displaying 20 results from an estimated 1000 matches similar to: "CentOS 7, samba-4.4.4-14.el7_3 and openldap-2.4.40-13.el7 -- file permissions?"
2018 Nov 11
0
CentOS 6: Logrotate / selinux problem
Ever since a recent power failure I have been getting a Logrotate error. My
machine is on a UPS -- it shutdown cleanly, but I suspect that its BIOS/RTC
battery is dead, since the machine came up thinking it was 1982 :-(. I reset
the clock and everything is fine, *except* I had to delete Logrotate's state
files (which had bad dates). But now Logrotate is raising the error:
error: error
2013 Nov 25
2
ltsp & Selinux
Hello All,
I set up ltsp regulary, on Centos6 machines.
This morning I have a Selinux problem that usualy does not occur:
after setting everything up, the thinclients boot, but nobody can login.
It only works after the command :
# echo 0 > /selinux/enforce
I tried this semanage command:
# semanage fcontext -a -t bin_t /usr/bin/xauth
but it makes no difference.
The message I'm now
2017 Oct 08
2
Permission denied error on private key...
-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt
> On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote:
>
> What does ls -lZ /etc/pki/dovecot/private/mailserver.crt say?
>
> Bill
>
> On 10/7/2017 7:30 PM, SH Development wrote:
>> I have a working dovecot/postfix/mysql server running
2017 Oct 08
0
Permission denied error on private key...
The context should be:
system_u:object_r:dovecot_cert_t:s0
Try:
restorecon -v /etc/pki/dovecot/private/mailserver.crt
Bill
On 10/8/2017 1:06 AM, SH Development wrote:
> -rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt
>
>
>> On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote:
>>
>>
2009 Apr 15
2
SELinux and "i_stream_read() failed: Permission denied"
Not a problem ... sharing a solution (this time)! Please correct my
understanding of the process, if required.
"i_stream_read() failed: Permission denied" is an error message generated
when a large-ish file (>128kb in my case) is attached to a message that
has been passed to Dovecot's deliver program when SELinux is being
enforced.
In my case, these messages are first run
2011 Jan 31
1
Squid and SELinux
Hi.
I'm trying to setup squid with SELinux, the problem i encounter is taht
i want to add another directory for cache, in this system we have a home
partition with huge space, i create a squid dir and add the path with
semanage:
semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?'
i check the files and are in the good context:
drwxr-xr-x squid squid
2019 Feb 05
3
Samba 4.7 and Editposix/Trusted Ldapsam extension support.
Something like this.
But this link has no info that I need.
On the roadmap: https://wiki.samba.org/index.php/Roadmap
There is information
<https://wiki.samba.org/index.php/Samba4/LDAP_Backend#.28De.29motivation>
about general purpose LDAP server as the backend (e.g. openLDAP).
But that's not what i was looking for.
I looking for status of `passdb backend = ldapsam` feature. This
2017 Dec 05
0
samba net ads join windows active directory with ldap ssl
Hi,
Please help me identify what additional is to be done.
On 4 Dec 2017 15:10, "Arjit Gupta" <arjitk.gupta at gmail.com> wrote:
> Hi,
>
> I have enabled ldap ssl on Windows 2008 server active directory and want
> to join ads domain with net ads join command.
>
> I am getting below error:-
> net ads join -U Administrator
>
2017 Dec 04
2
samba net ads join windows active directory with ldap ssl
Hi,
I have enabled ldap ssl on Windows 2008 server active directory and want to
join ads domain with net ads join command.
I am getting below error:-
net ads join -U Administrator
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/ldap/ldap.conf
ldap_init: using /etc/ldap/ldap.conf
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init:
2017 Dec 07
0
samba net ads join windows active directory with ldap ssl
Hi,
Any one any suggestion how to make this work.
This issue is reported in ubuntu bug 1576799
<https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1576799?comments=all>
earlier
But the solution suggested of replacing ldap ssl ads = Yes to ldap server
require strong auth = Yes leaves communication in plain format.
Arjit Kumar
9650104435
On Tue, Dec 5, 2017 at 12:18 PM, Arjit Gupta
2017 Dec 05
2
samba net ads join windows active directory with ldap ssl
Hi,
On checking it further.
I observe below message from net ads command.
LDAP] TLS: hostname (*X.X.X.X*) does not match common name in certificate (
win.cifs.com).
[LDAP] ldap_err2string
Failed to issue the StartTLS instruction: Connect error
I am able to fetch data successfully from ldapsearch command.
It seems samba is connecting to ldap with IP but in client certificate
domain name is
2017 Dec 11
0
samba net ads join windows/ubuntu active directory with ldap ssl
Hi,
I have modified my /etc/ldap/ldap.conf
cat /etc/ldap/ldap.conf
#TLS_REQCERT HARD
TLS_REQCERT ALLOW
TLS_CACERT /etc/ssl/certs/msadmaster.pem
After above changes net ads is succesfull with ssl/tls
I have verified at Windows AD DC end that TLS is being used for
communication with the help of wireshark.
Though i am not sure what is impact of changing TLS_REQCERT to ALLOW from
HARD
2014 Apr 23
1
SELInux and POSTFIX
Installed Packages
Name : postfix
Arch : x86_64
Epoch : 2
Version : 2.6.6
Release : 6.el6_5
Size : 9.7 M
Repo : installed
>From repo : updates
I am seeing several of these in our maillog file after a restart of the
Postfix service:
Apr 23 12:48:27 inet08 setroubleshoot: SELinux is preventing
/usr/libexec/postfix/smtp from 'read, write'
2020 Feb 04
5
Relabel /usr directory
Hi,
I've done the following:
- Copy usr content with rsync to another partition:
rsync -av --partial --progress /usr/ /mnt
Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not
the directory itself). But I've found that is bad labeled:
ls -Z /usr
unconfined_u:object_r:unlabeled_t:s0 bin
unconfined_u:object_r:unlabeled_t:s0 local
unconfined_u:object_r:unlabeled_t:s0
2016 Apr 28
4
Cannot join server to Samba4 NT4 domain
I have a Samba 4 NT4 PDC (Version 4.1.17-Debian) with openLDAP.
I would like to add another server, and have it authenticate users against openLDAP.
I thought I had to add the new server to the domain with "net rpc join", but that
seems to think I want to join an AD domain, and fails:
# net rpc join -U root%mypassword
No realm has been specified! Do you really want to join
2020 Feb 04
0
Relabel /usr directory
On 2/4/20 9:59 AM, Sergio Belkin wrote:
> Hi,
> I've done the following:
> - Copy usr content with rsync to another partition:
>
> rsync -av --partial --progress /usr/ /mnt
>
> Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not
> the directory itself). But I've found that is bad labeled:
>
> ls -Z /usr
>
2016 Oct 24
1
SElinux suggestions needed: migrating backup service
Am 24.10.2016 um 23:44 schrieb Gordon Messmer <gordon.messmer at gmail.com>:
> On 10/24/2016 09:53 AM, Leon Fauster wrote:
>> Any suggestions to avoid the default labeling "unconfined_u:object_r:locale_t:s0"?
>
>
> Not off the top of my head. I think you need to either a) not try to preserve the labels or b) run the backup as a user which can manage labels.
2015 Feb 09
2
SELinux context for ssh host keys?
I generated a new host key for one of our systems using:
ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key_4096
I then ran 'ls -Z on the keys'
ll -Z *key*
-rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key
-rw-r--r--. root root system_u:object_r:sshd_key_t:s0
ssh_host_dsa_key.pub
-rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key
-rw-r--r--. root
2013 Mar 27
1
silencing Passenger "ps" SELinux errors
Hello,
how do people cope with constant SELinux errors like this from Fusion
Passenger:
36886. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2
file open system_u:system_r:udev_t:s0-s0:c0.c1023 denied 1922
36887. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 4 dir
getattr unconfined_u:system_r:initrc_t:s0 denied 1927
36888. 03/27/2013 14:20:05 ps
2017 Jan 08
1
Dovecot Selinux Setting
Hello,
can any tell me the correct selinux Settings for the Maildir Setting ?
in the Moment I have this setting
Jan 8 15:04:52 2017 from 192.168.100.100
[root at mx03 ~]# ls -Z /srv/vmail
drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.com
drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.at
drwx------. vmail vmail