[Samba] Setting Win ACLs via Comp Managment, connection to Member Server warning
L.P.H. van Belle
belle at bazuin.nl
Wed Feb 22 11:13:33 UTC 2017
Hai,
Becarefull with "apt-get remove apparmor".
If you remove apparmor and mysql-server is installed on the same server,
beware the you remove mysql-server also and re-installing mysql-server also installs apparmor.
I experienced that multiple times with Ubuntu 16.04 and maybe there are more like this.
The preffered way:
Use the /etc/apparmor.d/disable directory along with the
apparmor_parser -R option to disable a profile.
Some options.
1)
sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/profile.name
# Samba on ubuntu 16.04
sudo ln -s /etc/apparmor.d/usr.sbin.smbd /etc/apparmor.d/disable/
sudo ln -s /etc/apparmor.d/usr.sbin.nmbd /etc/apparmor.d/disable/
sudo ln -s /etc/apparmor.d/usr.sbin.winbind /etc/apparmor.d/disable/
# dhcp also installed
ln -s /etc/apparmor.d/usr.sbin.dhcpd /etc/apparmor.d/disable/
apparmor_parser -R /etc/apparmor.d/usr.sbin.dhcpd
# mysql
ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld
# bind
ln -s /etc/apparmor.d/usr.sbin.named /etc/apparmor.d/disable/
apparmor_parser -R /etc/apparmor.d/usr.sbin.named
2)
Or disable it but dont remove it.
systemctl stop apparmor.service
systemctl disable apparmor.service
update-rc.d -f apparmor remove
3)
Or configure it correctly..
I personaly use the first option.
I disable only that what needs to be disabled.
In short, only things that are out of the "debian scope" and not in apparmor.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny via
> samba
> Verzonden: woensdag 22 februari 2017 11:36
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Setting Win ACLs via Comp Managment, connection to
> Member Server warning
>
> On Tue, 21 Feb 2017 17:17:50 -0600
> Lin Pro <linforpros at gmail.com> wrote:
>
> > Both ubuntu machines have iptables -L:
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > And the windows server firewall off
> >
> >
> > How can that happen to me...
> > I am speechless
> > Lin
>
> After setting up a Ubuntu 16.04 domain member, I found I couldn't open
> the share and couldn't find any reason in the logs on the domain
> member.
>
> Experience came to my aid ;-)
>
> sudo apt-get remove apparmor
> sudo reboot
>
> fixed it for me.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list