On pe, 21 loka 2022, Kees Bakker wrote:
On 21-10-2022 16:10, Alexander Bokovoy wrote:
On pe, 21 loka 2022, Kees Bakker via FreeIPA-users wrote:
It turns out to be caused by missing SELinux permissions. As soon as I
set selinux to permissive it started to work.
Now, I've solved a few fcontext issues. samba-dcerpcd does not crash anymore.
Still there are more things blocked by selinux, which I'm investigatign right
now.
I think this was fixed with
https://bugzilla.redhat.com/show_bug.cgi?id=2096521 in Fedora and CentOS
9 Stream.
Coming back to your original task. You should not use ipasam outside of
IPA trust controllers at all. Instead, please follow the RHEL IdM guide
which literally wants you to install ipa-client-samba package and run
ipa-client-samba installer to generate proper configuration for a Samba
server on IPA client. Have you tried that?
No, I didn't know that was necessary.
I am linking to RHEL IdM in RHEL 8 guide because RHEL 9 guides are not
fully published yet. It is the same story there:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_identity_management/setting-up-samba-on-an-idm-domain-member_configuring-and-managing-idm
Thanks for the pointer.
I've done ipa-client-samba. To make it run I had to delete the already existing
cifs/ service for
this host. It was created at the time in CentOS7.
Things aren't working yet. I'm now seeing NT_STATUS_NO_MEMORY errors in the
samba
logs for the connecting windows client.
Oh, and selinux is still "permissive" so that can't be a problem (yet).
You need to provide more details to give any useful comments.
Please see
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_identity_management/assembly_troubleshooting-authentication-with-sssd-in-idm_configuring-and-managing-idm
for various troubleshooting suggestions. In addition I'd need Samba
logs (log level = 10) on the IPA client where it is deployed and its
configuration.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
