On Fri, 2013-11-01 at 15:57 +0100, Christian Boltz wrote:
Hello,
Am Freitag, 1. November 2013 schrieb lynn:
On Fri, 2013-11-01 at 11:59 +0100, Carlos E. R. wrote:
On 2013-11-01 10:32, lynn wrote:
2013-11-01T09:45:47.551447+01:00 altea kernel: [ 36.449978] type=1400 audit(1383295547.544:34): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/smbd" name="/var/lib/sss/pubconf/kdcinfo.HH3.SITE"> You need to allow open file /var/lib/sss/pubconf/kdcinfo.HH3.SITE in profile /usr/sbin/smbd
Is "HH3.SITE" your hostname? If yes, you should allow kdcinfo.* instead.
No, it's the kerberos realm. OK, I've got it going OK now but couldn't we include the kerberos/sssd files in the standard /usr/sbin/smbd profile? I see that openSUSE now favours sssd over nss-ldap these days and also there can't be many non AD file servers left. Even if there are, it wouldn't hurt to include it would it? Wouldn't it just be ignored? Thanks, L x -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org