[Samba] Strange issue with Samba+CTDB+SELinux+GlusterFS
Leszek Szczepanowski
twinsen at mspanc.net
Tue Nov 15 09:21:10 UTC 2022
I have very simple config for HA Samba, using CTDB.
I have set all possible SELinux options until "denied" messages stopped
appearch in /var/log/messages.
All works flawlessly, just the problem is with browsing Samba shares with
enforcing setting.
When I try to browse shares, I'm getting this:
samba-dcerpcd version 4.16.4 started.
Copyright Andrew Tridgell and the Samba Team 1992-2022
[2022/11/15 10:10:57.674555, 1]
../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
rpc_pipe_open_ncalrpc: connect(/run/samba/ncalrpc/EPMAPPER) failed: No
such file or directory
[2022/11/15 10:10:57.820626, 1]
../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
rpc_worker_exited: No worker with PID 3281
[2022/11/15 10:10:58.040001, 1]
../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
rpc_host_distribute_clients: Sending new client
/usr/libexec/samba/rpcd_winreg to 3294 with 0 clients
[2022/11/15 10:10:58.048701, 1]
../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
rpc_host_distribute_clients: Sending new client
/usr/libexec/samba/rpcd_winreg to 3294 with 0 clients
[2022/11/15 10:10:58.049474, 1]
../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
rpc_host_distribute_clients: Sending new client
/usr/libexec/samba/rpcd_classic to 3292 with 0 clients
[2022/11/15 10:10:58.560868, 1]
../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
rpc_host_distribute_clients: Sending new client
/usr/libexec/samba/rpcd_classic to 3292 with 0 clients
Samba is in clustered mode + registry:
[root at fs01 samba]# net conf list
[global]
logging = syslog
log level = 1
netbios name = fs
workgroup = xxx
realm = xxx
idmap config * : backend = autorid
idmap config * : range = 1000000-1999999
security = user
ctdb:registry.tdb = yes
clustering = yes
nt pipe support = yes
[symptoms]
path = /mnt/glusterfs/symptoms/
guest ok = no
read only = no
browseable = yes
[root at fs01 samba]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> on
samba_export_all_rw --> on
samba_load_libgfapi --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
tmpreaper_use_samba --> off
use_samba_home_dirs --> on
virt_use_samba --> off
If I only set to permissive, browsing shares starts working immediately.
--
Leszek A. Szczepanowski
twinsen at mspanc.net
More information about the samba
mailing list