[Samba] SELinux and samba/winbind w/ADS on RHEL 4.6 - Samba

This is a discussion on [Samba] SELinux and samba/winbind w/ADS on RHEL 4.6 - Samba ; SELinux appears to be interfering with winbind's functionality. I have the lastest policy package installed: selinux-policy-targeted-1.17.30-2.149 which allegedly solves this problem according to the RedHat knowledge base, but clearly does not. I have to turn off SELinux by using setenforce ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: [Samba] SELinux and samba/winbind w/ADS on RHEL 4.6

  1. [Samba] SELinux and samba/winbind w/ADS on RHEL 4.6

    SELinux appears to be interfering with winbind's functionality.



    I have the lastest policy package installed:



    selinux-policy-targeted-1.17.30-2.149



    which allegedly solves this problem according to the RedHat knowledge
    base, but clearly does not. I have to turn off SELinux by using
    setenforce 0 (permissive) to get winbind to work at all, and based on
    what I see in the log files, disabling it completely is necessary to
    prevent all interference.



    Am I missing something? Are other folks having this problem?



    Regards,

    Thomas Leavitt

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba


  2. Re: [Samba] SELinux and samba/winbind w/ADS on RHEL 4.6

    Hi,

    I am not seeing this issue on RHEL4 update 6. but i am using

    samba-3.0.25b-1.el4_6.5
    samba-common-3.0.25b-1.el4_6.5.i386
    samba-client-3.0.25b-1.el4_6.5.i386

    My sestatus is having as below


    [root@dhcp6-193 ~]# sestatus
    SELinux status: enabled
    SELinuxfs mount: /selinux
    Current mode: enforcing
    Mode from config file: enforcing
    Policy version: 18
    Policy from config file:targeted

    Policy booleans:
    allow_syslog_to_console inactive
    allow_ypbind inactive
    dhcpd_disable_trans inactive
    httpd_builtin_scripting active
    httpd_disable_trans inactive
    httpd_enable_cgi active
    httpd_enable_homedirs active
    httpd_ssi_exec active
    httpd_tty_comm inactive
    httpd_unified active
    mysqld_disable_trans inactive
    named_disable_trans inactive
    named_write_master_zonesinactive
    nscd_disable_trans inactive
    ntpd_disable_trans inactive
    pegasus_disable_trans inactive
    portmap_disable_trans inactive
    postgresql_disable_transinactive
    snmpd_disable_trans inactive
    squid_disable_trans inactive
    syslogd_disable_trans inactive
    use_nfs_home_dirs inactive
    use_samba_home_dirs inactive
    use_syslogng inactive
    winbind_disable_trans inactive
    ypbind_disable_trans inactive


    When i joined the system to AD and restarted winbind, it did not give any
    selinux errors on /var/log/message, or console or /var/log/audit/audit.log


    [root@dhcp6-193 ~]# service winbind restart

    Shutting down Winbind services: [ OK ]
    Starting Winbind services: [ OK ]


    So can you paste your selinux messages, that you are getting, and the samba
    version. Or if you feel you can do the following , without making selinux
    to permissive or disabling it.

    #getsebool -P "winbind_disable_trans" = 1

    Regards
    Niranjan

    On Tue, Jun 3, 2008 at 11:26 PM, Thomas Leavitt
    wrote:

    > SELinux appears to be interfering with winbind's functionality.
    >
    >
    >
    > I have the lastest policy package installed:
    >
    >
    >
    > selinux-policy-targeted-1.17.30-2.149
    >
    >
    >
    > which allegedly solves this problem according to the RedHat knowledge
    > base, but clearly does not. I have to turn off SELinux by using
    > setenforce 0 (permissive) to get winbind to work at all, and based on
    > what I see in the log files, disabling it completely is necessary to
    > prevent all interference.
    >
    >
    >
    > Am I missing something? Are other folks having this problem?
    >
    >
    >
    > Regards,
    >
    > Thomas Leavitt
    >
    > --
    > To unsubscribe from this list go to the following URL and read the
    > instructions: https://lists.samba.org/mailman/listinfo/samba
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba


  3. Re: [Samba] SELinux and samba/winbind w/ADS on RHEL 4.6

    oops

    In my previous post i made a typo


    #getsebool -P "winbind_disable_trans" = 1

    it should be


    #setsebool -P "winbind_disable_trans" = 1

    On Wed, Jun 4, 2008 at 10:25 AM, mallapadi niranjan <
    niranjan.ashok@gmail.com> wrote:

    > Hi,
    >
    > I am not seeing this issue on RHEL4 update 6. but i am using
    >
    > samba-3.0.25b-1.el4_6.5
    > samba-common-3.0.25b-1.el4_6.5.i386
    > samba-client-3.0.25b-1.el4_6.5.i386
    >
    > My sestatus is having as below
    >
    >
    > [root@dhcp6-193 ~]# sestatus
    > SELinux status: enabled
    > SELinuxfs mount: /selinux
    > Current mode: enforcing
    > Mode from config file: enforcing
    > Policy version: 18
    > Policy from config file:targeted
    >
    > Policy booleans:
    > allow_syslog_to_console inactive
    > allow_ypbind inactive
    > dhcpd_disable_trans inactive
    > httpd_builtin_scripting active
    > httpd_disable_trans inactive
    > httpd_enable_cgi active
    > httpd_enable_homedirs active
    > httpd_ssi_exec active
    > httpd_tty_comm inactive
    > httpd_unified active
    > mysqld_disable_trans inactive
    > named_disable_trans inactive
    > named_write_master_zonesinactive
    > nscd_disable_trans inactive
    > ntpd_disable_trans inactive
    > pegasus_disable_trans inactive
    > portmap_disable_trans inactive
    > postgresql_disable_transinactive
    > snmpd_disable_trans inactive
    > squid_disable_trans inactive
    > syslogd_disable_trans inactive
    > use_nfs_home_dirs inactive
    > use_samba_home_dirs inactive
    > use_syslogng inactive
    > winbind_disable_trans inactive
    > ypbind_disable_trans inactive
    >

    >
    > When i joined the system to AD and restarted winbind, it did not give any
    > selinux errors on /var/log/message, or console or /var/log/audit/audit.log
    >
    >
    > [root@dhcp6-193 ~]# service winbind restart
    >
    > Shutting down Winbind services: [ OK ]
    > Starting Winbind services: [ OK ]
    >

    >
    > So can you paste your selinux messages, that you are getting, and the samba
    > version. Or if you feel you can do the following , without making selinux
    > to permissive or disabling it.
    >
    > #getsebool -P "winbind_disable_trans" = 1
    >
    > Regards
    > Niranjan
    >
    >
    > On Tue, Jun 3, 2008 at 11:26 PM, Thomas Leavitt
    > wrote:
    >
    >> SELinux appears to be interfering with winbind's functionality.
    >>
    >>
    >>
    >> I have the lastest policy package installed:
    >>
    >>
    >>
    >> selinux-policy-targeted-1.17.30-2.149
    >>
    >>
    >>
    >> which allegedly solves this problem according to the RedHat knowledge
    >> base, but clearly does not. I have to turn off SELinux by using
    >> setenforce 0 (permissive) to get winbind to work at all, and based on
    >> what I see in the log files, disabling it completely is necessary to
    >> prevent all interference.
    >>
    >>
    >>
    >> Am I missing something? Are other folks having this problem?
    >>
    >>
    >>
    >> Regards,
    >>
    >> Thomas Leavitt
    >>
    >> --
    >> To unsubscribe from this list go to the following URL and read the
    >> instructions: https://lists.samba.org/mailman/listinfo/samba
    >>

    >
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba


+ Reply to Thread