samba, kerberos, winbind and W2K3 avc messages
Tom Diehl
tdiehl at rogueind.com
Sun Apr 2 18:01:58 UTC 2006
Hi all,
I have a fully updated FC4 machine that I am trying to get samba and winbind
working with selinux in enforcing mode.
I would appreciate it if someone could look at the avc messages below and
help me understand what they mean and how to fix the machine.
When I start up samba and winbind I get the following avc messages:
Apr 2 11:06:45 backup kernel: audit(1143990405.799:54): avc: denied { getattr } for pid=2773 comm="smbd" name="backup-044_0" dev=dm-4 ino=31755 scontext=root:system_r:smbd_t tcontext=root:object_r:samba_net_tmp_t tclass=file
Apr 2 11:06:45 backup kernel: audit(1143990405.807:55): avc: denied { getattr } for pid=2773 comm="smbd" name="backup-044_0" dev=dm-4 ino=31755 scontext=root:system_r:smbd_t tcontext=root:object_r:samba_net_tmp_t tclass=file
Apr 2 11:06:45 backup kernel: audit(1143990405.811:56): avc: denied { getattr } for pid=2773 comm="smbd" name="backup-044_0" dev=dm-4 ino=31755 scontext=root:system_r:smbd_t tcontext=root:object_r:samba_net_tmp_t tclass=file
Apr 2 11:06:45 backup kernel: audit(1143990405.815:57): avc: denied { getattr } for pid=2773 comm="smbd" name="backup-044_0" dev=dm-4 ino=31755 scontext=root:system_r:smbd_t tcontext=root:object_r:samba_net_tmp_t tclass=file
Apr 2 11:06:45 backup kernel: audit(1143990405.819:58): avc: denied { getattr } for pid=2773 comm="smbd" name="backup-044_0" dev=dm-4 ino=31755 scontext=root:system_r:smbd_t tcontext=root:object_r:samba_net_tmp_t tclass=file
Apr 2 11:06:45 backup kernel: audit(1143990405.823:59): avc: denied { getattr } for pid=2773 comm="smbd" name="backup-044_0" dev=dm-4 ino=31755 scontext=root:system_r:smbd_t tcontext=root:object_r:samba_net_tmp_t tclass=file
...
When I try to browse the samba shares from the w2k3 server I get the following
messages:
==> messages <==
Apr 2 11:09:35 backup kernel: audit(1143990575.906:161): avc: denied { getattr } for pid=2811 comm="smbd" name="backup-044_0" dev=dm-4 ino=31755 scontext=root:system_r:smbd_t tcontext=root:object_r:samba_net_tmp_t tclass=file
Apr 2 11:09:35 backup kernel: audit(1143990575.910:162): avc: denied { getattr } for pid=2811 comm="smbd" name="backup-044_0" dev=dm-4 ino=31755 scontext=root:system_r:smbd_t tcontext=root:object_r:samba_net_tmp_t tclass=file
==> samba/sommer1.log <==
[2006/04/02 11:09:35, 1] libads/kerberos_verify.c:ads_verify_ticket(324)
ads_verify_ticket: krb5_get_server_rcache failed (Permission denied in replay cache code)
[2006/04/02 11:09:35, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2006/04/02 11:09:35, 1] libads/kerberos_verify.c:ads_verify_ticket(324)
ads_verify_ticket: krb5_get_server_rcache failed (Permission denied in replay cache code)
[2006/04/02 11:09:35, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
If I disable selinux everything works as it should.
Regards,
Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com