Bug 164377 - SELinux blocks samba from accessing an AD password server
SELinux blocks samba from accessing an AD password server
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-07-27 10:16 EDT by Danny Padwa
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 1.25.3-9
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-08-19 03:51:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Fix selinux-policy-targeted to allow smbd_t to connect out to AD (551 bytes, patch)
2005-07-27 10:16 EDT, Danny Padwa
no flags Details | Diff

  None (edit)
Description Danny Padwa 2005-07-27 10:16:00 EDT
Description of problem:
In one of Samba's modes, the samba server validates clients against an existing 
MSFT AD infrastructure.   To do this, it needs to be able to open a socket 
connection to the relevant service.   selinux-policy-targeted blocks this

Version-Release number of selected component (if applicable):
1.25.3

How reproducible:
Extremely

Steps to Reproduce:
1. Configure samba for "security = server"
2. Try to connect to it from a Windows machine
3.
  
Actual results:
It fails (very slowly).   Message in the AVC log about an inability to do a 
name_connect on port 139 or 445

Expected results:
It should work

Additional info:
Attached find a patch that fixes it
Comment 1 Danny Padwa 2005-07-27 10:16:00 EDT
Created attachment 117190 [details]
Fix selinux-policy-targeted to allow smbd_t to connect out to AD
Comment 2 Daniel Walsh 2005-07-28 12:45:50 EDT
Fixed in selinux-policy-targetd-1.25.3-9

Note You need to log in before you can comment on or make changes to this bug.