Description of problem: We can't get Winbind start correctly using scripts at /etc/init.d. Facts: i) Both SMB and NMB seems to start fine. ii) Winbind can be started in background simply typing # winbind without problems. iii) If, instead: # /etc/init.d/winbind start , # sh -x /etc/init.d/winbind start it starts fine! iv) Extract from /var/log/messages: Feb 22 17:15:22 mtvisadorh01 kernel: audit(1140624922.398:0): avc: denied { write } for pid=24483 exe=/usr/sbin/winbindd name=secrets.tdb dev=cciss/c0d0p2 ino=343440 scontext=root:system_r:winbind_t tcontext=root:object_r:samba_etc_t tclass=file v) Extract from /var/lob/samba/winbindd.log [2006/02/22 18:48:03, 5] tdb/tdbutil.c:tdb_log(725) tdb(unnamed): tdb_open_ex: could not open file /etc/samba/secrets.tdb: Permiso denegado [2006/02/22 18:48:03, 0] passdb/secrets.c:secrets_init(64) Failed to open /etc/samba/secrets.tdb [2006/02/22 18:48:03, 0] nsswitch/winbindd.c:main(881) Could not initialize domain trust account secrets. Giving up [2006/02/22 18:49:34, 1] nsswitch/winbindd.c:main(864) vi) net ads join command works properly: [2006/02/22 20:35:12, 0] libads/ldap.c:ads_add_machine_acct(1368) ads_add_machine_acct: Host account for mtvisadorh01 already exists - modifying old account Using short domain name -- COAM Joined 'MTVISADORH01' to realm 'COAM.ORG' vii) Samba configuration: workgroup = COAM realm = COAM.ORG security = ads name resolve order = lmhosts host wins bcast netbios name = mtvisadorh01 wins server = NTServer wins support = yes encrypt passwords = yes passdb backend = tdbsam password server = NTServer idmap uid = 11000-20000 idmap gid = 11000-20000 winbind separator = _ winbind enum users = yes winbind enum groups = yes ldap ssl = no log level = 10 os level = 33 short preserve case = no socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY syslog = 0 time server = Yes unix extensions = Yes unix charset = LOCALE veto files = /*.eml/*.nws/riched20.dll/*.{*}/ Version-Release number of selected component (if applicable): [root@mtvisadorh01 samba]# rpm -qa | grep -i samba samba-client-3.0.10-1.4E.2 system-config-samba-1.2.21-1 samba-3.0.10-1.4E.2 samba-common-3.0.10-1.4E.2 How reproducible: At will. Steps to Reproduce: 1. /etc/init.d/winbind start 2. 3. Actual results: It states it starts, but: [root@mtvisadorh01 samba]# /etc/init.d/winbind start Starting Winbind services: [ OK ] [root@mtvisadorh01 samba]# /etc/init.d/winbind status winbindd dead but subsys locked Expected results: [root@mtvisadorh01 samba]# /etc/init.d/winbind start Starting Winbind services: [ OK ] [root@mtvisadorh01 samba]# /etc/init.d/winbind status winbindd (pid 2513 2512) is running... Additional info:
Can you add the version of the selinux-policy-targeted package which you have installed, and the output of 'restorecon -v /etc/samba/secrets.tdb' in case there's a labeling problem involved?
Sorry, had already checked as per other related bugs but forgot to provide: [root@mtvisadorh01 ~]# rpm -qa | grep policy checkpolicy-1.17.5-1 selinux-policy-targeted-1.17.30-2.110 policycoreutils-1.18.1-4.7 [root@mtvisadorh01 ~]# restorecon -v /etc/samba/secrets.tdb restorecon reset context /etc/samba/secrets.tdb:root:object_r:samba_etc_t- >system_u:object_r:samba_secrets_t After doing this, according to your instructions, problems's solved: [root@mtvisadorh01 ~]# /etc/init.d/winbind start Starting Winbind services: [ OK ] [root@mtvisadorh01 ~]# /etc/init.d/winbind status winbindd (pid 21433 21432) is running... [root@mtvisadorh01 ~]# /etc/init.d/winbind stop Shutting down Winbind services: [ OK ] [root@mtvisadorh01 ~]# /etc/init.d/winbind start Starting Winbind services: [ OK ] [root@mtvisadorh01 ~]# /etc/init.d/winbind status winbindd (pid 21456 21455) is running... Thank you so much for your help, and sorry for wasting your time, as it's clearly not a bug.
It may still be a bug if the file was created while SELinux was in use, but somehow didn't get the correct label applied right then, but I'll leave that for Jay to decide. Thanks!