I'm getting the error described in this bug. The fix is described in the bug:
Code:
The following additional SELinux permissions were found to resolve the situation:
samba_domtrans_winbind_helper(httpd_t)
allow httpd_t winbind_helper_t:process signal;
apache_append_log(winbind_helper_t)
I have searched pretty extensively and I don't have a clue what to do with that information. I don't think setsebool is going to help.
Code:
# getsebool -a | grep winbind
winbind_disable_trans --> off
Here's the back story, though I don't think it's necessarily relevant:
I'm trying to set up single-sign-on (SSO) with Apache, Active Directory, and PHP. I'm using mod_auth_ntlm_winbind as described here and here.
The bits and pieces seem to be working together so far. I can do "kinit" and get a Kerberos ticket; I can do "net ads join" and join the AD domain; my wbinfo commands suggest that winbind is working.
When I try to view a web page that's in my restricted subdirectory, though, I get a 500 Internal Server error and my error_log shows
Quote:
[Fri May 20 14:16:37 2011] [error] [client 10.112.10.38] (13)Permission denied: couldn't spawn child ntlm helper process: /usr/bin/ntlm_auth
That's the error described in the bug.
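Added example, not part of the original post or the bug report: one way to package the three rules quoted above as a local SELinux policy module. The module name `httpd_winbind_local` is a hypothetical choice, and the script assumes the policy development files that provide `/usr/share/selinux/devel/Makefile` are installed, since that Makefile is what expands interface macros such as `samba_domtrans_winbind_helper`.

```shell
#!/bin/sh
# Added example: wrap the rules from the bug in a loadable policy module.
# MODULE is a hypothetical name chosen for this example.
MODULE=httpd_winbind_local

# Write the type-enforcement source into directory $1.
# The last three lines are the rules quoted in the post; policy_module()
# and the require block are the wrapper a local module needs so that the
# raw allow rule can refer to types defined by the base policy.
write_te() {
    cat > "$1/$MODULE.te" <<EOF
policy_module($MODULE, 1.0)

require {
	type httpd_t;
	type winbind_helper_t;
	class process signal;
}

samba_domtrans_winbind_helper(httpd_t)
allow httpd_t winbind_helper_t:process signal;
apache_append_log(winbind_helper_t)
EOF
}

# Compile the module with the policy development Makefile, then load it.
# Both steps stop on the first failure so a broken build is never loaded.
build_and_load() {
    ( cd "$1" && make -f /usr/share/selinux/devel/Makefile "$MODULE.pp" ) &&
        semodule -i "$1/$MODULE.pp"
}

# Usage (as root): sh this_script.sh install [workdir]
if [ "${1:-}" = install ]; then
    dir=${2:-$PWD}
    write_te "$dir" && build_and_load "$dir"
fi
```

After loading, `semodule -l` should list the module, and the change can be backed out with `semodule -r httpd_winbind_local`.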