[Samba] Strange issue with Samba+CTDB+SELinux+GlusterFS

Rowland Penny rpenny at samba.org
Tue Nov 15 09:47:14 UTC 2022



On 15/11/2022 09:21, Leszek Szczepanowski via samba wrote:
> I have very simple config for HA Samba, using CTDB.
> I have set all possible SELinux options until "denied" messages stopped
> appearch in /var/log/messages.
> 
> All works flawlessly, just the problem is with browsing Samba shares with
> enforcing setting.
> 
> When I try to browse shares, I'm getting this:
> 
>    samba-dcerpcd version 4.16.4 started.
>    Copyright Andrew Tridgell and the Samba Team 1992-2022
> [2022/11/15 10:10:57.674555,  1]
> ../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
>    rpc_pipe_open_ncalrpc: connect(/run/samba/ncalrpc/EPMAPPER) failed: No
> such file or directory
> [2022/11/15 10:10:57.820626,  1]
> ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
>    rpc_worker_exited: No worker with PID 3281
> [2022/11/15 10:10:58.040001,  1]
> ../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
>    rpc_host_distribute_clients: Sending new client
> /usr/libexec/samba/rpcd_winreg to 3294 with 0 clients
> [2022/11/15 10:10:58.048701,  1]
> ../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
>    rpc_host_distribute_clients: Sending new client
> /usr/libexec/samba/rpcd_winreg to 3294 with 0 clients
> [2022/11/15 10:10:58.049474,  1]
> ../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
>    rpc_host_distribute_clients: Sending new client
> /usr/libexec/samba/rpcd_classic to 3292 with 0 clients
> [2022/11/15 10:10:58.560868,  1]
> ../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
>    rpc_host_distribute_clients: Sending new client
> /usr/libexec/samba/rpcd_classic to 3292 with 0 clients
> 
> Samba is in clustered mode + registry:
> 
> [root at fs01 samba]# net conf list
> [global]
>          logging = syslog
>          log level = 1
>          netbios name = fs
>          workgroup = xxx
>          realm = xxx
>          idmap config * : backend = autorid
>          idmap config * : range = 1000000-1999999
>          security = user

Now I do not know a lot about CTDB, but I do know that you cannot use 
'idmap config' lines with 'security = user', they are are only used with 
a domain, so if this cluster is joined to a domain, I would start by 
changing 'security = user' to 'security = ADS'

Rowland



More information about the samba mailing list