So far no success
I altered the following AppArmor profiles:
cat /etc/apparmor.d/usr.sbin.smbd
# Last Modified: Thu Mar 6 12:50:05 2014
#include <tunables/global>
# Profile attached to the /usr/sbin/smbd binary. Every rule below is an
# allow-list entry; anything not listed is denied and logged.
/usr/sbin/smbd {
#include <abstractions/authentication>
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/cups-client>
#include <abstractions/nameservice>
#include <abstractions/samba>
#include <abstractions/user-tmp>
#include <abstractions/wutmp>
#include <local/usr.sbin.smbd>
#include <local/usr.sbin.smbd-shares>
# Capabilities granted to the confined process. dac_override and
# dac_read_search bypass ordinary file-permission (DAC) checks, so the path
# rules in this profile do most of the remaining file-access limiting.
capability dac_override,
capability dac_read_search,
capability fowner,
capability lease,
capability net_bind_service,
capability setgid,
capability setuid,
capability sys_resource,
capability sys_tty_config,
# ix = execute and inherit this profile: a shell started by smbd, and
# whatever that shell executes, is still mediated by the rules in this
# profile.
/bin/bash ix,
/etc/mtab r,
/etc/netgroup r,
/etc/printcap r,
/etc/samba/* rwk,
/proc/*/mounts r,
/proc/sys/kernel/core_pattern r,
/usr/lib*/samba/auth/script.so mr,
/usr/lib*/samba/charset/*.so mr,
/usr/lib*/samba/pdb/*.so mr,
/usr/lib*/samba/vfs/*.so mr,
/usr/lib*/samba/{lowercase,lowcase,upcase,valid}.dat r,
/usr/sbin/smbd mr,
# px = execute and switch to the separate profile attached to the target
# path; the exec is refused when no such profile is loaded.
/usr/sbin/smbldap-useradd rpx,
# NOTE(review): px here needs a loaded profile for /usr/sbin/useradd. None
# is shown with this profile, and a denial carrying info="profile not found"
# for name="/usr/sbin/useradd" is what a px rule without a target profile
# produces. Confirm against the loaded-profile list (aa-status).
# Tightest remedy: give useradd its own profile limited to the account files
# it must edit, and use Px rather than px so the environment is scrubbed on
# the transition. A child profile (Cx) is the next option. Falling back to
# unconfined (Ux / PUx) would let a root-run account tool leave confinement
# entirely, and ix would require granting smbd itself write access to the
# account databases.
/usr/sbin/useradd rpx, #been adding this to the profile
/var/cache/samba/** rwk,
/var/cache/samba/printing/printers.tdb mrw,
/var/lib/samba/** rwk,
/var/lib/samba/printers/** rw,
/var/lib/sss/mc/passwd r,
/var/lib/sss/pubconf/kdcinfo.* r,
/var/log/samba/cores/smbd/ rw,
/var/log/samba/cores/smbd/** rw,
/var/spool/samba/** rw,
/{,var/}run/cups/cups.sock rw,
/{,var/}run/dbus/system_bus_socket rw,
/{,var/}run/samba/** rk,
/{,var/}run/samba/ncalrpc/ rw,
/{,var/}run/samba/ncalrpc/** rw,
/{,var/}run/samba/smbd.pid rw,
# Read, write, link and lock on everything below every home directory; this
# is the broadest file grant in the profile.
@{HOMEDIRS}/** rwlk,
}
cat /etc/apparmor.d/usr.sbin.smbldap-useradd
# Last Modified: Thu Mar 6 11:01:54 2014
#include <tunables/global>
# Profile attached to /usr/sbin/smbldap-useradd. It applies only once that
# binary itself is executed (for example through a px rule in a calling
# profile); a denial logged with profile="/usr/sbin/smbd" is decided by the
# smbd profile, not by the rules here.
/usr/sbin/smbldap-useradd {
#include <abstractions/base>
#include <abstractions/bash>
#include <abstractions/nameservice>
#include <abstractions/perl>
#include <local/usr.sbin.smbldap-useradd>
# ix = a shell started from here stays under this profile.
/bin/bash ix, #been adding this to the profile
/dev/tty rw,
# Cx = execute and switch to the child profile of the same name declared
# further down inside this profile.
/etc/init.d/nscd Cx,
# Read access to the password-hash file; keep this read-only.
/etc/shadow r,
/etc/smbldap-tools/smbldap.conf r,
/etc/smbldap-tools/smbldap_bind.conf r,
# px on the profile's own binary: a re-exec of itself transitions into this
# same profile.
/usr/sbin/smbldap-useradd rpx,
/usr/sbin/smbldap_tools.pm r,
# NOTE(review): like any px rule, this one only works if a profile for
# /usr/sbin/useradd is loaded; none is shown here. Prefer a dedicated
# useradd profile with Px over an unconfined fallback.
/usr/sbin/useradd rpx, #been adding this to the profile
/var/log/samba/log.smbd w,
# Child profile; reached only through the Cx rule on /etc/init.d/nscd above.
profile /etc/init.d/nscd {
#include <abstractions/base>
#include <abstractions/nameservice>
# NOTE(review): sys_ptrace is a broad capability for an init script;
# confirm it is actually required before keeping it.
capability sys_ptrace,
/bin/bash r,
/bin/mountpoint rix,
/bin/systemctl rix,
/dev/tty rw,
/etc/init.d/nscd r,
/etc/rc.status r,
}
}
Still I get
brutus kernel: [162787.710453] type=1400 audit(1394107710.648:359): apparmor="DENIED" operation="exec" info="profile not found" error=-2 parent=23580 profile="/usr/sbin/smbd" name="/usr/sbin/useradd" pid=23582 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
2014-03-06T13:08:30.651832+01:00 brutus smbd[23580]: [2014/03/06 13:08:30.651629, 0] ../source3/passdb/pdb_interface.c:488(pdb_default_create_user)
2014-03-06T13:08:30.653295+01:00 brutus smbd[23580]: _samr_create_user: Running the command `/usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false pc-lukas$' gave 127
At present I am out of ideas.
Any help greatly appreciated.
Greez
chris