SELinux: 0, Alex Clark: 1📌
(work in progress)
Introduction📌
I don’t like to give up on a technical challenge, particularly when the progress is slow-but-consistent. It’s only when I know I can’t make any discernible progress easily or at all that I can force myself to give up.
Sound familiar? I wrote about a similar encounter six years ago!
The task at hand📌
Now the task at hand is running Samba on Rocky Linux 9. For years I ran File Sharing on a 2010 Mac Pro running Sierra and recent circumstances led me to replace that server with an HP Envy laptop with 11G RAM. It’s a surprisingly good server!
It’s been a lot of fun building out the services on this laptop running Rocky Linux 9, including:
Jenkins
RedHat Cockpit
Microsoft Remote Desktop
Having Samba fail mysteriously was not fun, and I should have known better than to go down any rabbit hole without first considering SE Linux, but what can I say? I’ve been out of the game for a while. Eventually I prevailed and this is the story of that encounter.
Attempts📌
My recent encounter with Samba on Rocky Linux was embarrasingly long, but it started off normal.
In the beginning📌
If you Google or ChatGPT “Samba on Rocky Linux” you’ll get steered toward something like:
sudo dnf install xrdp
Followed by some firewall instructions and, if you are lucky, some SE Linux instructions. If you are unlucky, you will proceed merrily with:
sudo systemctl enable smb
sudo systemctl start smb
After which you can delight in sudo systemctl status smb:
parkwoodstudios➜ ~ ᐅ sudo systemctl status smb
● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; preset: disabled)
Active: active (running) since Sat 2023-11-18 15:04:46 EST; 23h ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 1655 (smbd)
Status: "smbd: ready to serve connections..."
Tasks: 4 (limit: 72791)
Memory: 51.0M
CPU: 3.761s
CGroup: /system.slice/smb.service
├─1655 /usr/sbin/smbd --foreground --no-process-group
├─1880 /usr/sbin/smbd --foreground --no-process-group
├─1881 /usr/sbin/smbd --foreground --no-process-group
└─3992 /usr/sbin/smbd --foreground --no-process-group
Nov 18 15:04:46 parkwoodstudios systemd[1]: Starting Samba SMB Daemon...
Nov 18 15:04:46 parkwoodstudios smbd[1655]: [2023/11/18 15:04:46.273770, 0] ../../source3/smbd/server.c:1741(main)
Nov 18 15:04:46 parkwoodstudios smbd[1655]: smbd version 4.17.5 started.
Nov 18 15:04:46 parkwoodstudios smbd[1655]: Copyright Andrew Tridgell and the Samba Team 1992-2022
Nov 18 15:04:46 parkwoodstudios systemd[1]: Started Samba SMB Daemon.
Unfortunately, the joyfulness will end when you try to connect, even though the ports are open:
╰─(blog) ⠠⠵ sudo nmap 192.168.1.2
Password:
Starting Nmap 7.94 ( https://nmap.org ) at 2023-11-19 14:20 EST
Nmap scan report for parkwoodstudios.fios-router.home (192.168.1.2)
Host is up (0.022s latency).
Not shown: 979 filtered tcp ports (no-response), 15 filtered tcp ports (admin-prohibited)
PORT STATE SERVICE
22/tcp open ssh
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
8080/tcp open http-proxy
9090/tcp open zeus-admin
MAC Address: 30:24:32:39:7F:E7 (Intel Corporate)
Nmap done: 1 IP address (1 host up) scanned in 9.30 seconds
I would love to say I immediately recognized the issue as being related to SE Linux, but I didn’t. In fact, I went in the opposite direction:
“Maybe the version of Samba is too old!”
And then there was hombrew, and the brew was good📌
My experience with Homebrew on macOS led me to try running Samba on Linux via Homebrew. It worked! The Samba version was newer, and the connection worked fine. Unfortunately I couldn’t get systemd to run the Homebrew version of Samba, so after fighting with that for a while, I gave up.