Access Denied when joining windows7 client to new samba4 AD

Joshua Paye jkpaye at gmail.com
Tue Dec 10 11:38:03 MST 2013


Figured this out.  Was SELinux.  For reference this is on CentOS 6.5 x64.
I installed setroubleshoot, allowing SELinux violations to be logged, and
then used audit2allow to build an SELinux policy to permit the denied
access.  See below.  This may not be the best or most secure way to bypass
this issue.  If anyone would like to add constructively, that would be
appreciated.

First the denied actions:
[root@dc01 ~]# grep denied /var/log/audit/audit.log
type=AVC msg=audit(1386440216.240:812): avc:  denied  { connectto } for
pid=23612 comm="smbd" path="/var/run/samba/winbindd/pipe"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1386440216.251:813): avc:  denied  { connectto } for
pid=23612 comm="smbd" path="/var/run/samba/winbindd/pipe"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1386440216.281:814): avc:  denied  { connectto } for
pid=23612 comm="smbd" path="/var/run/samba/winbindd/pipe"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1386451550.280:959): avc:  denied  { write } for
pid=24238 comm="smbd" name="urandom" dev=devtmpfs ino=3787
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386451550.290:960): avc:  denied  { sendto } for
pid=24238 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386451550.324:961): avc:  denied  { sendto } for
pid=24239 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386451553.289:962): avc:  denied  { write } for
pid=24240 comm="smbd" name="urandom" dev=devtmpfs ino=3787
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386451553.295:963): avc:  denied  { sendto } for
pid=24240 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386451589.628:964): avc:  denied  { write } for
pid=24242 comm="smbd" name="urandom" dev=devtmpfs ino=3787
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386451589.635:965): avc:  denied  { sendto } for
pid=24242 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386451589.665:966): avc:  denied  { sendto } for
pid=24243 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386451592.633:967): avc:  denied  { write } for
pid=24244 comm="smbd" name="urandom" dev=devtmpfs ino=3787
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386451592.640:968): avc:  denied  { sendto } for
pid=24244 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386451698.334:969): avc:  denied  { write } for
pid=24254 comm="smbd" name="urandom" dev=devtmpfs ino=3787
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386451698.342:970): avc:  denied  { sendto } for
pid=24254 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386451698.373:971): avc:  denied  { sendto } for
pid=24255 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386451701.333:972): avc:  denied  { write } for
pid=24256 comm="smbd" name="urandom" dev=devtmpfs ino=3787
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386451701.340:973): avc:  denied  { sendto } for
pid=24256 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386451883.617:980): avc:  denied  { write } for
pid=24268 comm="smbd" name="urandom" dev=devtmpfs ino=3787
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386451883.624:981): avc:  denied  { sendto } for
pid=24268 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386451883.658:982): avc:  denied  { sendto } for
pid=24269 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386451886.617:983): avc:  denied  { write } for
pid=24270 comm="smbd" name="urandom" dev=devtmpfs ino=3787
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386451886.624:984): avc:  denied  { sendto } for
pid=24270 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386451930.321:985): avc:  denied  { write } for
pid=24272 comm="smbd" name="urandom" dev=devtmpfs ino=3787
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386451930.328:986): avc:  denied  { sendto } for
pid=24272 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386451930.361:987): avc:  denied  { sendto } for
pid=24273 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386451933.324:988): avc:  denied  { write } for
pid=24274 comm="smbd" name="urandom" dev=devtmpfs ino=3787
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386451933.331:989): avc:  denied  { sendto } for
pid=24274 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386452294.024:990): avc:  denied  { connectto } for
pid=24338 comm="smbd" path="/var/run/samba/winbindd/pipe"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1386452294.027:991): avc:  denied  { connectto } for
pid=24338 comm="smbd" path="/var/run/samba/winbindd/pipe"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1386452294.034:992): avc:  denied  { connectto } for
pid=24338 comm="smbd" path="/var/run/samba/winbindd/pipe"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1386452317.967:993): avc:  denied  { sendto } for
pid=24358 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24344"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386452318.051:994): avc:  denied  { sendto } for
pid=24359 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24344"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386452321.107:995): avc:  denied  { sendto } for
pid=24360 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24344"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386452909.767:1006): avc:  denied  { connectto } for
pid=24439 comm="smbd" path="/var/run/samba/winbindd/pipe"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1386452909.768:1007): avc:  denied  { connectto } for
pid=24439 comm="smbd" path="/var/run/samba/winbindd/pipe"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1386452909.775:1008): avc:  denied  { connectto } for
pid=24439 comm="smbd" path="/var/run/samba/winbindd/pipe"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1386452923.864:1009): avc:  denied  { sendto } for
pid=24457 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386452923.895:1010): avc:  denied  { sendto } for
pid=24458 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386452926.865:1011): avc:  denied  { sendto } for
pid=24459 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386453555.468:1018): avc:  denied  { sendto } for
pid=24514 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386453555.548:1019): avc:  denied  { sendto } for
pid=24515 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386453558.604:1020): avc:  denied  { sendto } for
pid=24516 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386494039.670:1557): avc:  denied  { sendto } for
pid=29147 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386494039.706:1558): avc:  denied  { sendto } for
pid=29148 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386494042.674:1559): avc:  denied  { sendto } for
pid=29149 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386504307.116:1692): avc:  denied  { sendto } for
pid=29455 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386504307.152:1693): avc:  denied  { sendto } for
pid=29456 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386504310.133:1694): avc:  denied  { sendto } for
pid=29457 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386504500.165:1695): avc:  denied  { sendto } for
pid=29463 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386504500.196:1696): avc:  denied  { sendto } for
pid=29464 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386504503.169:1697): avc:  denied  { sendto } for
pid=29465 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386504533.533:1698): avc:  denied  { sendto } for
pid=29468 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386504533.564:1699): avc:  denied  { sendto } for
pid=29469 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386504536.536:1700): avc:  denied  { sendto } for
pid=29470 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386504960.206:1707): avc:  denied  { sendto } for
pid=29501 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386504960.239:1708): avc:  denied  { sendto } for
pid=29502 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386504963.211:1709): avc:  denied  { sendto } for
pid=29503 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.24443"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386505002.625:1710): avc:  denied  { connectto } for
pid=29563 comm="smbd" path="/var/run/samba/winbindd/pipe"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1386505002.640:1711): avc:  denied  { connectto } for
pid=29563 comm="smbd" path="/var/run/samba/winbindd/pipe"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1386505002.650:1712): avc:  denied  { connectto } for
pid=29563 comm="smbd" path="/var/run/samba/winbindd/pipe"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1386505013.584:1713): avc:  denied  { write } for
pid=29575 comm="smbd" name="urandom" dev=devtmpfs ino=3787
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386505013.591:1714): avc:  denied  { sendto } for
pid=29575 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.29567"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386505013.621:1715): avc:  denied  { sendto } for
pid=29576 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.29567"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386505016.588:1716): avc:  denied  { write } for
pid=29578 comm="smbd" name="urandom" dev=devtmpfs ino=3787
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386505016.595:1717): avc:  denied  { sendto } for
pid=29578 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.29567"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386505093.518:1718): avc:  denied  { write } for
pid=29582 comm="smbd" name="urandom" dev=devtmpfs ino=3787
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386505093.564:1719): avc:  denied  { sendto } for
pid=29582 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.29567"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386505093.644:1720): avc:  denied  { sendto } for
pid=29583 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.29567"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386505096.658:1721): avc:  denied  { write } for
pid=29584 comm="smbd" name="urandom" dev=devtmpfs ino=3787
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386505096.702:1722): avc:  denied  { sendto } for
pid=29584 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.29567"
scontext=unconfined_u:system_r:smbd_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386691683.939:4): avc:  denied  { connectto } for
pid=1684 comm="smbd" path="/var/run/samba/winbindd/pipe"
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=unix_stream_socket
type=AVC msg=audit(1386697097.047:89): avc:  denied  { write } for
pid=2182 comm="smbd" name="urandom" dev=devtmpfs ino=3787
scontext=system_u:system_r:smbd_t:s0
tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386697097.128:90): avc:  denied  { sendto } for
pid=2182 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.1689"
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=unix_dgram_socket
type=AVC msg=audit(1386697100.432:91): avc:  denied  { connectto } for
pid=2182 comm="smbd" path="/var/run/samba/ncalrpc/np/netlogon"
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=unix_stream_socket
type=AVC msg=audit(1386697264.607:98): avc:  denied  { sendto } for
pid=2201 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.1689"
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=unix_dgram_socket

Creating a policy:
[root@dc01 ~]# audit2allow -l -a -M sernet-samba-ad
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i sernet-samba-ad.pp

Viewing the Policy:
[root@dc01 ~]# cat sernet-samba-ad.te

module sernet-samba-ad 1.0;

require {
        type urandom_device_t;
        type smbd_t;
        type initrc_t;
        class unix_stream_socket connectto;
        class unix_dgram_socket sendto;
        class chr_file write;
}

#============= smbd_t ==============
allow smbd_t initrc_t:unix_dgram_socket sendto;
allow smbd_t initrc_t:unix_stream_socket connectto;
allow smbd_t urandom_device_t:chr_file write;


Enabling the policy:
[root@dc01 ~]# semodule -i sernet-samba-ad.pp


-Joshua


On Sun, Dec 8, 2013 at 3:47 PM, Joshua Paye <jkpaye at gmail.com> wrote:

> Hi,
>
> I have recently completed setup of a samba4 AD domain.  All aspects of the
> system seem to be functioning.  When I attempt to join a fully patched
> windows7 client to the domain I receive an access denied error.  Can anyone
> assist in debugging this issue?
>
> A level 10 log for the client is here:
> https://dl.dropboxusercontent.com/u/26190223/log.10.100.20.15
>
> Thanks,
> Joshua
>
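
An added example, not part of the original post: a small triage script that collapses AVC denials into the distinct rules audit2allow would emit and flags those whose target is a generic domain. Two of the three rules above target initrc_t, the domain of anything started from an init script without its own type, so they permit smbd_t to reach the sockets of every such process, not only the Samba daemons. The GENERIC_TYPES list and all function names are assumptions of this example; the sample lines are taken from the log above and rejoined onto one line each.

```python
import re
from collections import defaultdict

# Four denials from the post above, rejoined onto one line each
# (the mail client wrapped them; audit.log stores one record per line).
SAMPLE_LOG = """\
type=AVC msg=audit(1386440216.240:812): avc:  denied  { connectto } for pid=23612 comm="smbd" path="/var/run/samba/winbindd/pipe" scontext=unconfined_u:system_r:smbd_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1386451550.280:959): avc:  denied  { write } for pid=24238 comm="smbd" name="urandom" dev=devtmpfs ino=3787 scontext=unconfined_u:system_r:smbd_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC msg=audit(1386451550.290:960): avc:  denied  { sendto } for pid=24238 comm="smbd" path="/var/lib/samba/private/smbd.tmp/msg/msg.23616" scontext=unconfined_u:system_r:smbd_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
type=AVC msg=audit(1386697100.432:91): avc:  denied  { connectto } for pid=2182 comm="smbd" path="/var/run/samba/ncalrpc/np/netlogon" scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
"""

# Domains shared by many unrelated processes (assumed list for this example).
GENERIC_TYPES = {"initrc_t", "unconfined_t"}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)
OBJ_RE = re.compile(r'\b(?:path|name)="([^"]+)"')


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def summarize(log_text):
    """Group denials by (source type, target type, class, permission)."""
    rules = defaultdict(lambda: {"count": 0, "objects": set()})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        obj = OBJ_RE.search(line)
        for perm in m["perms"].split():
            key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"], perm)
            rules[key]["count"] += 1
            if obj:
                rules[key]["objects"].add(obj.group(1))
    return dict(rules)


def broad_rules(rules):
    """Rules whose target type is a generic domain and deserve review."""
    return sorted(k for k in rules if k[1] in GENERIC_TYPES)


def report(rules):
    """Render each distinct rule with hit count, objects seen, and a breadth flag."""
    out = []
    for key, info in sorted(rules.items()):
        src, tgt, tclass, perm = key
        flag = "  # BROAD target" if tgt in GENERIC_TYPES else ""
        out.append(f"allow {src} {tgt}:{tclass} {perm};{flag}")
        out.append(f"    seen {info['count']}x on: {', '.join(sorted(info['objects']))}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG)))
```

On a live system the input would be the contents of /var/log/audit/audit.log rather than SAMPLE_LOG.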


More information about the samba-technical mailing list