On 9/17/2013 6:45 AM, "Th. Söldenwagner" wrote:
Hi,
I am trying to create shares for my users in our new Samba4 domain, but
with no luck so far.
Which flavor of Linux are you trying this on?
If CentOS/RHEL, one thing I always forget to check is SELinux issues.
Maybe you have as well?
# getenforce
- Will tell you whether SELinux is disabled, permissive or enforcing.
# setenforce permissive
- Setting it /temporarily/ to "permissive" is a useful check to see
whether you have a SELinux issue somewhere that need addressed.
Assuming that you have "auditd" running, try looking at:
# cat /var/log/audit/audit.log | audit2allow
Which may show you an overall view of how many exceptions you have.
In general, SELinux issues boil down to a few root causes and fixes:
#1 - There's a boolean that you need to maybe turn on. If you dig
through the "sealert -a UUID" messages in the system log, it does a good
job of explaining when this might apply.
#2 - There's a file system labeling problem. i.e. you are trying to let
a process access things in a non-standard place and/or with a
non-standard label. These are fixed with "restorecon" and "semanage
fcontext" changes.
#3 - There's no way to fix labels or booleans to allow what you need, so
you need to create a local exception policy. This can be done using
"audit2allow" and "semodule -i". You should be careful about which
exceptions you feed to audit2allow and try to keep the resulting
exception policy as minimal as possible.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
