[Samba] Testparm Creating Sock File? and Missing Service Records

Rowland penny rpenny at samba.org
Fri Nov 22 17:39:26 UTC 2019


On 22/11/2019 17:18, John Clendenen via samba wrote:
> Hi,
>
> I’m experiencing an issue with SELinux blocking Samba on Fedora when bind
> interfaces only is set. Based on the SELinux logs, it is attempting to
> create a sock file in /var/lib/samba/private/msg.sock/.
>
> We are wondering why testparm is using a sock file, or if this is
> unexpected behavior.
>
> Link to ticket below:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1768656
> ------------------------------
>
> Additionally, I have found that DNS (BIND DLZ in my case) is missing
> Kerberos UDP service records, at least in Fedora’s Samba AD packages. I
> assume it’s an upstream issue with Samba, but I can open a ticket with
> Fedora if that’s more appropriate.
>
> After adding the following records, I am able to bind clients more reliably
> as well as establish trust with IPA.
>
> samba-tool dns add 127.0.0.1 _msdcs."$(hostname -d)" _kerberos._udp.dc SRV "$(hostname -f) 88 0 100"
> samba-tool dns add 127.0.0.1 _msdcs."$(hostname -d)" _kerberos._udp."${SITE}"._sites.dc SRV "$(hostname -f) 88 0 100"

Two things are wrong here. Using the Fedora packages to provision a Samba AD
DC results in the use of MIT for Kerberos, and using MIT is still
experimental. The other thing is that SELinux has nothing to do with
Samba and you will need to configure it to work with Samba.

We have a couple of wiki pages that refer to SELinux, but they may need
updating, so any help you can give us here will be much appreciated.

Rowland




