[Samba] Strange issue with Samba+CTDB+SELinux+GlusterFS

Leszek Szczepanowski twinsen at mspanc.net
Tue Nov 15 09:21:10 UTC 2022 

I have very simple config for HA Samba, using CTDB.
I have set all possible SELinux options until "denied" messages stopped
appearch in /var/log/messages.

All works flawlessly, just the problem is with browsing Samba shares with
enforcing setting.

When I try to browse shares, I'm getting this:

  samba-dcerpcd version 4.16.4 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2022
[2022/11/15 10:10:57.674555,  1]
../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
  rpc_pipe_open_ncalrpc: connect(/run/samba/ncalrpc/EPMAPPER) failed: No
such file or directory
[2022/11/15 10:10:57.820626,  1]
../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
  rpc_worker_exited: No worker with PID 3281
[2022/11/15 10:10:58.040001,  1]
../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
  rpc_host_distribute_clients: Sending new client
/usr/libexec/samba/rpcd_winreg to 3294 with 0 clients
[2022/11/15 10:10:58.048701,  1]
../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
  rpc_host_distribute_clients: Sending new client
/usr/libexec/samba/rpcd_winreg to 3294 with 0 clients
[2022/11/15 10:10:58.049474,  1]
../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
  rpc_host_distribute_clients: Sending new client
/usr/libexec/samba/rpcd_classic to 3292 with 0 clients
[2022/11/15 10:10:58.560868,  1]
../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
  rpc_host_distribute_clients: Sending new client
/usr/libexec/samba/rpcd_classic to 3292 with 0 clients

Samba is in clustered mode + registry:

[root at fs01 samba]# net conf list
[global]
        logging = syslog
        log level = 1
        netbios name = fs
        workgroup = xxx
        realm = xxx
        idmap config * : backend = autorid
        idmap config * : range = 1000000-1999999
        security = user
        ctdb:registry.tdb = yes
        clustering = yes
        nt pipe support = yes

[symptoms]
        path = /mnt/glusterfs/symptoms/
        guest ok = no
        read only = no
        browseable = yes

[root at fs01 samba]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> on
samba_export_all_rw --> on
samba_load_libgfapi --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
tmpreaper_use_samba --> off
use_samba_home_dirs --> on
virt_use_samba --> off

If I only set to permissive, browsing shares starts working immediately.
-- 
Leszek A. Szczepanowski
twinsen at mspanc.net

More information about the samba mailing list