Hi,<br><br>I was trying to setup winbind on a CentOS 4 host to authenticate to the AD on my network. My smb.conf is very simple, I'm only setting workgroup, realm, security, and I'm setting for winbind:<br><br> encrypt passwords = yes
<br> winbind separator = +<br> idmap uid = 10000-20000<br> idmap gid = 10000-20000<br><br>When trying to start the service with "service winbind start", I'm getting these error messages:<br><br>Jan 10 16:18:00 myhost kernel: audit(
1199999880.483:2): avc: denied { write } for pid=4490 comm="winbindd" name="secrets.tdb" dev=sda2 ino=192690 scontext=root:system_r:winbind_t tcontext=root:object_r:samba_etc_t tclass=file<br>Jan 10 16:18:00 myhost winbindd[4490]: [2008/01/10 16:18:00, 0] passdb/secrets.c:secrets_init(67)
<br>Jan 10 16:18:00 myhost winbindd[4490]: Failed to open /etc/samba/secrets.tdb<br>Jan 10 16:18:00 myhost winbindd[4490]: [2008/01/10 16:18:00, 0] nsswitch/winbindd.c:main(1010)<br>Jan 10 16:18:00 myhost winbindd[4490]: Could not initialize domain trust account secrets. Giving up
<br><br>Clearly winbind is violating SELinux's targeted policy by trying to write the secrets.tdb file on /etc/samba directory. I looked at smb.conf's man page that I could set the directory of this file using the "private dir" directive on
smb.conf's global section, and that's what I did, I set it to /var/cache/samba/winbindd_privileged, which I found was a directory created by the samba-common package, with 750 permissions and a winbind_var_run_t context.
<br><br>I would like to know if I did the right thing or not. Or if I should have put the secrets.tdb in a directory other than that one. What would be the recommended configuration?<br><br>Thanks!<br>Filipe<br><br>