[Samba] SELinux and samba/winbind w/ADS on RHEL 4.6

mallapadi niranjan niranjan.ashok at gmail.com
Wed Jun 4 04:55:42 GMT 2008


I am not seeing this issue on RHEL4 update 6. but i am using


My sestatus is having as below

[root at dhcp6-193 ~]# sestatus
SELinux status:         enabled
SELinuxfs mount:        /selinux
Current mode:           enforcing
Mode from config file:  enforcing
Policy version:         18
Policy from config file:targeted

Policy booleans:
allow_syslog_to_console inactive
allow_ypbind            inactive
dhcpd_disable_trans     inactive
httpd_builtin_scripting active
httpd_disable_trans     inactive
httpd_enable_cgi        active
httpd_enable_homedirs   active
httpd_ssi_exec          active
httpd_tty_comm          inactive
httpd_unified           active
mysqld_disable_trans    inactive
named_disable_trans     inactive
nscd_disable_trans      inactive
ntpd_disable_trans      inactive
pegasus_disable_trans   inactive
portmap_disable_trans   inactive
snmpd_disable_trans     inactive
squid_disable_trans     inactive
syslogd_disable_trans   inactive
use_nfs_home_dirs       inactive
use_samba_home_dirs     inactive
use_syslogng            inactive
winbind_disable_trans   inactive
ypbind_disable_trans    inactive

When i joined the system to AD and restarted winbind, it  did not give any
selinux errors on /var/log/message, or console or /var/log/audit/audit.log

[root at dhcp6-193 ~]# service winbind restart

Shutting down Winbind services:                            [  OK  ]
Starting Winbind services:                                 [  OK  ]

So can you paste your selinux messages, that you are getting, and the samba
version.  Or if you feel you can do the following ,  without making selinux
to permissive or disabling it.

#getsebool -P "winbind_disable_trans" = 1


On Tue, Jun 3, 2008 at 11:26 PM, Thomas Leavitt <tleavitt at unameits.com>

> SELinux appears to be interfering with winbind's functionality.
> I have the lastest policy package installed:
> selinux-policy-targeted-1.17.30-2.149
> which allegedly solves this problem according to the RedHat knowledge
> base, but clearly does not. I have to turn off SELinux by using
> setenforce 0 (permissive) to get winbind to work at all, and based on
> what I see in the log files, disabling it completely is necessary to
> prevent all interference.
> Am I missing something? Are other folks having  this problem?
> Regards,
> Thomas Leavitt
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list