netapp101::*> vserver services name-service nis-domain show-bound-debug
Bound Bound
Vserver Domain NIS Server Status
------------- ------------------- ----------------- -------------------
netapp103 nisdom 172.17.44.49 Could not connect to server
netapp101::*>
今回は「Could not connect to server」ということで、NISサーバへの接続がうまくいかない、ということだった。確認したところ、途中のfirewall設定の問題でNISに関するポートが空いていないためだった。
netapp101::*> vserver services access-check name-mapping show -vserver netapp103 -direction win-unix -name osakanataro
ATTENTION: Mapping of Data ONTAP "admin" users to UNIX user "root" is enabled, but the following information does not reflect this mapping.
'osakanataro' maps to 'osakanataro'
netapp101::*>
netapp101::*> vserver services access-check name-mapping show -vserver netapp103 -direction win-unix -name vm2\\osakanataro
ATTENTION: Mapping of Data ONTAP "admin" users to UNIX user "root" is enabled, but the following information does not reflect this mapping.
'vm2\\osakanataro' maps to 'osakanataro'
netapp101::*> vserver services access-check name-mapping show -vserver netapp103 -direction unix-win -name osakanataro
'osakanataro' maps to 'VM2\osakanataro'
netapp101::*>
なお、NISサーバにアクセスできない場合にこのコマンドを実行すると、以下の様な結果になります。
netapp101::*> vserver services access-check name-mapping show -vserver netapp103 -direction unix-win -name osakanataro
Vserver: netapp103 (internal ID: 3)
Error: RPC map name request procedure failed
[ 4 ms] Mapping Successful for Unix-user 'osakanataro' to Windows
user 'VM2*' at position 1
[ 11] Successfully connected to ip 172.17.44.49, port 445 using
TCP
[ 59] Unknown error: 12
[ 59] Failed to initiate Kerberos authentication. Trying NTLM.
[ 70] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED)
for SMB command SessionSetup
[ 95] Successfully authenticated with DC
samba.adosakana.local
[ 109] Encountered NT error (NT_STATUS_PENDING) for SMB command
Read
[ 117] Could not find Windows name 'VM2*'
**[ 120] FAILURE: Name mapping for UNIX user 'osakanataro' failed.
** Explicit Mapping failed and no default mapping found
Error: command failed: Failed to find mapping for the user. Reason: "SecD
Error: The mapped user does not exist and no default user is defined".
netapp101::*>
# sudo ln -s /opt/R/${R_VERSION}/bin/R /usr/local/bin/R
# sudo ln -s /opt/R/${R_VERSION}/bin/Rscript /usr/local/bin/Rscript
# which R
/usr/local/bin/R
# R --version
R version 4.1.3 (2022-03-10) -- "One Push-Up"
Copyright (C) 2022 The R Foundation for Statistical Computing
Platform: x86_64-pc-linux-gnu (64-bit)
R is free software and comes with ABSOLUTELY NO WARRANTY.
You are welcome to redistribute it under the terms of the
GNU General Public License versions 2 or 3.
For more information about these matters see
https://www.gnu.org/licenses/.
#
# cat rstudio.te
module rstudio 1.0;
require {
type devpts_t;
type init_t;
type http_port_t;
type ptmx_t;
type user_home_t;
type unreserved_port_t;
class process { execmem setpgid };
class tcp_socket name_connect;
class file { append create execute link map open read rename setattr write };
class dir { rename reparent rmdir };
class chr_file { ioctl open read write };
}
#============= init_t ==============
#!!!! This avc is allowed in the current policy
allow init_t devpts_t:chr_file open;
#!!!! This avc is allowed in the current policy
allow init_t http_port_t:tcp_socket name_connect;
#!!!! This avc is allowed in the current policy
#!!!! This av rule may have been overridden by an extended permission av rule
allow init_t ptmx_t:chr_file { ioctl open read write };
#!!!! This avc is allowed in the current policy
allow init_t self:process { execmem setpgid };
#!!!! This avc is allowed in the current policy
allow init_t unreserved_port_t:tcp_socket name_connect;
#!!!! This avc is allowed in the current policy
allow init_t user_home_t:dir { rename reparent rmdir };
allow init_t user_home_t:file link;
#!!!! This avc is allowed in the current policy
allow init_t user_home_t:file { append create execute map open read rename setattr write };
#
# ls
rstudio.te
# cat rstudio.te
module rstudio 1.1;
require {
type devpts_t;
type init_t;
type http_port_t;
type ptmx_t;
type user_home_t;
type unreserved_port_t;
class process { execmem setpgid };
class tcp_socket name_connect;
class file { append create execute link map open read rename setattr write };
class dir { rename reparent rmdir };
class chr_file { ioctl open read write };
}
#============= init_t ==============
#!!!! This avc is allowed in the current policy
allow init_t devpts_t:chr_file open;
#!!!! This avc is allowed in the current policy
allow init_t http_port_t:tcp_socket name_connect;
#!!!! This avc is allowed in the current policy
#!!!! This av rule may have been overridden by an extended permission av rule
allow init_t ptmx_t:chr_file { ioctl open read write };
#!!!! This avc is allowed in the current policy
allow init_t self:process { execmem setpgid };
#!!!! This avc is allowed in the current policy
allow init_t unreserved_port_t:tcp_socket name_connect;
#!!!! This avc is allowed in the current policy
allow init_t user_home_t:dir { rename reparent rmdir };
allow init_t user_home_t:file link;
#!!!! This avc is allowed in the current policy
allow init_t user_home_t:file { append create execute map open read rename setattr write };
#
# cat /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 8 - $basearch
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
#baseurl=https://download.example/pub/epel/8/Everything/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=$basearch&infra=$infra&content=$contentdir
enabled=1
gpgcheck=0
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
#
Use the ext4 file system instead of the default xfs.
If the xfs file system must be used, use the following command to shut down or reboot: #reboot -f #For restart the machine #poweroff -f #For shutdown the machine
Checking for library nscd : no
Checking for nscd_flush_cache : not found
VFS_STATIC: vfs_default,vfs_not_implemented,vfs_posixacl,vfs_dfs_samba4
VFS_SHARED: vfs_recycle,vfs_audit,vfs_extd_audit,vfs_full_audit,vfs_fake_perms,vfs_default_quota,vfs_readonly,vfs_cap,vfs_expand_msdfs,vfs_shadow_copy,vfs_shadow_copy2,vfs_readahead,vfs_xattr_tdb,vfs_streams_xattr,vfs_streams_depot,vfs_acl_xattr,vfs_acl_tdb,vfs_preopen,vfs_catia,vfs_media_harmony,vfs_unityed_media,vfs_fruit,vfs_shell_snap,vfs_commit,vfs_worm,vfs_crossrename,vfs_linux_xfs_sgid,vfs_time_audit,vfs_offline,vfs_virusfilter,vfs_widelinks,vfs_snapper,vfs_posix_eadb,vfs_syncops,vfs_dirsort,vfs_fileid,vfs_aio_fork,vfs_aio_pthread,vfs_gpfs,vfs_btrfs,vfs_glusterfs_fuse
PDB_STATIC: pdb_smbpasswd,pdb_tdbsam,pdb_samba_dsdb,pdb_ldapsam
PDB_SHARED:
AUTH_STATIC: auth_builtin,auth_sam,auth_winbind,auth_unix,auth_samba4
AUTH_SHARED:
NSS_INFO_STATIC: nss_info_template
NSS_INFO_SHARED:
CHARSET_STATIC:
CHARSET_SHARED:
IDMAP_STATIC: idmap_tdb,idmap_passdb,idmap_nss,idmap_ldap
IDMAP_SHARED: idmap_ad,idmap_rfc2307,idmap_autorid,idmap_rid,idmap_hash,idmap_tdb2,idmap_script
GPEXT_STATIC:
GPEXT_SHARED:
PERFCOUNT_STATIC:
PERFCOUNT_SHARED:
Checking for dbus : not found
vfs_snapper is enabled but prerequisite dbus-1 package not found. Use --with-shared-modules='!vfs_snapper' to disable vfs_snapper support.
(complete log in /root/samba-4.16.3/bin/config.log)
#
Checking for openpty : not found
Checking for library util : yes
Checking for openpty in util : ok
Checking for system installation of Python module markdown : not found
Unable to find Python module 'markdown'. Please install the system package: python3-markdown'.
#