[Samba] Strange issue with Samba+CTDB+SELinux+GlusterFS
Rowland Penny
rpenny at samba.org
Tue Nov 15 09:47:14 UTC 2022
On 15/11/2022 09:21, Leszek Szczepanowski via samba wrote:
> I have very simple config for HA Samba, using CTDB.
> I have set all possible SELinux options until "denied" messages stopped
> appearch in /var/log/messages.
>
> All works flawlessly, just the problem is with browsing Samba shares with
> enforcing setting.
>
> When I try to browse shares, I'm getting this:
>
> samba-dcerpcd version 4.16.4 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2022
> [2022/11/15 10:10:57.674555, 1]
> ../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
> rpc_pipe_open_ncalrpc: connect(/run/samba/ncalrpc/EPMAPPER) failed: No
> such file or directory
> [2022/11/15 10:10:57.820626, 1]
> ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
> rpc_worker_exited: No worker with PID 3281
> [2022/11/15 10:10:58.040001, 1]
> ../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
> rpc_host_distribute_clients: Sending new client
> /usr/libexec/samba/rpcd_winreg to 3294 with 0 clients
> [2022/11/15 10:10:58.048701, 1]
> ../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
> rpc_host_distribute_clients: Sending new client
> /usr/libexec/samba/rpcd_winreg to 3294 with 0 clients
> [2022/11/15 10:10:58.049474, 1]
> ../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
> rpc_host_distribute_clients: Sending new client
> /usr/libexec/samba/rpcd_classic to 3292 with 0 clients
> [2022/11/15 10:10:58.560868, 1]
> ../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
> rpc_host_distribute_clients: Sending new client
> /usr/libexec/samba/rpcd_classic to 3292 with 0 clients
>
> Samba is in clustered mode + registry:
>
> [root at fs01 samba]# net conf list
> [global]
> logging = syslog
> log level = 1
> netbios name = fs
> workgroup = xxx
> realm = xxx
> idmap config * : backend = autorid
> idmap config * : range = 1000000-1999999
> security = user
Now I do not know a lot about CTDB, but I do know that you cannot use
'idmap config' lines with 'security = user', they are are only used with
a domain, so if this cluster is joined to a domain, I would start by
changing 'security = user' to 'security = ADS'
Rowland
More information about the samba
mailing list