Last updated on JULY 01, 2010
Applies to:Linux OS - Version: 4.0 to 4.7 - Release: RHEL4 to OEL4U7
Information in this document applies to any platform.
Linux Kernel - Version: 4.0 to 4.7
This issue involved using Samba for AD authentication in order to access a local directory on an RHEL 2.6.9-67 server. The Linux machine (a vm on VMWare) joined the AD domain and was displayed as a "Domain Controller" in the Windows XP Find Computers tool rather than as a workstation/ server even though domain controller functionality has been explicitly disabled in smb.conf.
Initial system issues were resolved that included selinux AVC's that prevented access to the share and the following was added to smb.conf:
preferred master = no
domain master = no
local master = no
Restarting the smb/winbind services following this change and rejoining the AD domain still showed the Linux machine in the role of a domain controller in the Windows XP Find Computers tool.
The concern was that a role tagged but non-functional domain controller in the overall AD environment posed a potential reliability risk where applications within this infrastructure might attempt to associate with the Linux machine.
Linux 2.6.9-67.ELsmp #1 SMP Wed Nov 7 13:58:04 EST 2007 i686 athlon i386 GNU/Linux
Samba and Kerberos Packages:
# rpm -qa | grep -i krb
# rpm -qa | grep -i samba
SELinux was disabled after initially being found in enforcing mode. Although it is possible to run selinux with Samba in this role, other functions on the machine were potentially affected by the presence of SELinux and its presence wasn't needed.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms