[Samba] ntp/chrony on AD DC and SELinux
Matthias Leopold
matthias.leopold at meduniwien.ac.at
Tue Nov 3 14:02:01 UTC 2020
Hi,
the instructions for "Time Synchronisation - SELinux Labeling and
Policy" on
https://wiki.samba.org/index.php/Time_Synchronisation_-_SELinux_Labeling_and_Policy
don't seem to work on CentOS 8. Using chrony I tried to adapt them (with
very limited SELinux knowledge) like this:

    chcon -u system_u -t chronyd_exec_t /var/lib/samba/ntp_signd
    semanage fcontext -a -t chronyd_exec_t "/var/lib/samba/ntp_signd(/.*)?"
    restorecon -R -v /var/lib/samba/ntp_signd

This seems to work on one DC, on the other I'm seeing this in the logs:
"platform-python[1654]: SELinux is preventing chronyd from search access
on the directory ntp_signd."
Correspondingly I'm seeing ntpclient errors for this DC on a Windows member.
Thx for any advice
Matthias
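
Added example (not part of the original message, and not Samba project code): the setroubleshoot summary quoted above is derived from AVC records in the audit log, and the tcontext field of those records shows which label the ntp_signd directory actually carries on the DC that fails. The log lines, PIDs, inode numbers and the samba_var_t label below are constructed sample values; chronyd_exec_t is the type used in the commands above.

```python
import re
from collections import Counter

# Constructed sample audit records (not from the original post).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1604412000.101:311): avc:  denied  { search } for  pid=901 comm="chronyd" name="ntp_signd" dev="dm-0" ino=262201 scontext=system_u:system_r:chronyd_t:s0 tcontext=unconfined_u:object_r:samba_var_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1604412016.220:312): avc:  denied  { search } for  pid=901 comm="chronyd" name="ntp_signd" dev="dm-0" ino=262201 scontext=system_u:system_r:chronyd_t:s0 tcontext=unconfined_u:object_r:samba_var_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1604412050.007:313): avc:  denied  { read } for  pid=1200 comm="httpd" name="index.html" dev="dm-0" ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1604412050.007:313): arch=c000003e syscall=257 success=no exit=-13 comm="httpd"
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec

def selinux_type(context):
    """Extract the type from a user:role:type:level security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""

def summarize(log_text, comm="chronyd", name="ntp_signd"):
    """Count denials as (source type, permission, class, target type) tuples."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or rec.get("comm") != comm or rec.get("name") != name:
            continue
        for perm in rec["perms"]:
            key = (selinux_type(rec["scontext"]), perm, rec["tclass"],
                   selinux_type(rec["tcontext"]))
            counts[key] += 1
    return dict(counts)

def unexpected_target_types(denials, expected_type):
    """Target types seen in denials that differ from the label set on the working DC."""
    return sorted({t for (_, _, _, t) in denials if t != expected_type})

if __name__ == "__main__":
    denials = summarize(SAMPLE_AUDIT_LOG)
    print(denials, unexpected_target_types(denials, "chronyd_exec_t"))
```

On a real system the input would be the AVC lines from /var/log/audit/audit.log on the failing DC; a target type that differs from the one on the working DC means the relabel did not take effect there.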