Mailinglist Archive: opensuse-factory (1029 mails)

< Previous Next >
Re: [opensuse-factory] samba woes with apparmor
On Fri, 2013-11-01 at 15:57 +0100, Christian Boltz wrote:

Am Freitag, 1. November 2013 schrieb lynn:
On Fri, 2013-11-01 at 11:59 +0100, Carlos E. R. wrote:
On 2013-11-01 10:32, lynn wrote:

2013-11-01T09:45:47.551447+01:00 altea kernel: [ 36.449978]
type=1400 audit(1383295547.544:34): apparmor="DENIED"
operation="open" parent=1 profile="/usr/sbin/smbd"
You need to allow open file /var/lib/sss/pubconf/kdcinfo.HH3.SITE in
profile /usr/sbin/smbd

Is "HH3.SITE" your hostname? If yes, you should allow kdcinfo.* instead.

No, it's the kerberos realm.

OK, I've got it going OK now but couldn't we include the kerberos/sssd
files in the standard /usr/sbin/smbd profile? I see that openSUSE now
favours sssd over nss-ldap these days and also there can't be many non
AD file servers left. Even if there are, it wouldn't hurt to include it
would it? Wouldn't it just be ignored?
L x

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >