On 24-10-2022 09:29, Alexander Bokovoy wrote:
On pe, 21 loka 2022, Kees Bakker wrote:
On 21-10-2022 16:10, Alexander Bokovoy wrote:
On pe, 21 loka 2022, Kees Bakker via FreeIPA-users wrote:
It turns out to be caused by missing SELinux permissions. As soon as I
set selinux to permissive it started to work.

Now, I've solved a few fcontext issues. samba-dcerpcd does not crash anymore.
Still there are more things blocked by selinux, which I'm investigating right now.

I think this was fixed with
https://bugzilla.redhat.com/show_bug.cgi?id=2096521 in Fedora and CentOS
9 Stream.

Coming back to your original task. You should not use ipasam outside of
IPA trust controllers at all. Instead, please follow the RHEL IdM guide
which literally wants you to install ipa-client-samba package and run
ipa-client-samba installer to generate proper configuration for a Samba
server on IPA client. Have you tried that?

No, I didn't know that was necessary.

I am linking to RHEL IdM in RHEL 8 guide because RHEL 9 guides are not
fully published yet. It is the same story there:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_identity_management/setting-up-samba-on-an-idm-domain-member_configuring-and-managing-idm

Thanks for the pointer.

I've done ipa-client-samba. To make it run I had to delete the already
existing cifs/ service for this host. It was created at the time in CentOS7.

Things aren't working yet. I'm now seeing NT_STATUS_NO_MEMORY errors in the
samba logs for the connecting windows client.
Oh, and selinux is still "permissive" so that can't be a problem (yet).

You need to provide more details to give any useful comments.
Yes, I am fully aware of that. I was just hoping that someone would recognize
this error and would have the answer to all my trouble :-)
Samba is a beast. Samba logging is close to being useless, except maybe for a
small minority of Samba developers.

Please see
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_identity_management/assembly_troubleshooting-authentication-with-sssd-in-idm_configuring-and-managing-idm
for various troubleshooting suggestions. In addition I'd need Samba
logs (log level = 10) on the IPA client where it is deployed and its
configuration.

The good news is: it is working. So, what did I do to make it work?
First I did set up a new Samba/Centos9 client from scratch. I followed the
guideline [1] you gave before. That worked. This gave me something to compare with.

Back to the troubled Samba server.
I did do ipa-client-samba on it. The old cifs service prohibited completion, so
I manually deleted it. Ran ipa-client-samba again. Still, that didn't help.

Then I saw the ipa-client-samba "uninstall" option. Tried that and ran the
command again. Still, no luck. Increasing the samba log level. Logging is
massive. The typical needle-in-haystack problem. I didn't find any useful hint
to the cause of my problem.

The last thing I remembered doing was a restart of the firewall. What? It's
working? Why? No-one will ever know.

[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_identity_management/setting-up-samba-on-an-idm-domain-member_configuring-and-managing-idm
-- Kees



--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
