Quite easy, but nothing can get through to smbd. openSUSE 13.1 rc2.
We must add to the /usr/sbin/smbd apparmor profle.
Here are the errors:
2013-11-01T09:45:46.565992+01:00 altea kernel: [ 35.461728] type=1400
audit(1383295546.556:31): apparmor="DENIED" operation="open" parent=1
profile="/usr/sbin/smbd" name="/var/lib/sss/mc/passwd" pid=673
comm="smbd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit(1383295547.544:34): apparmor="DENIED" operation="open" parent=1
profile="/usr/sbin/smbd" name="/var/lib/sss/pubconf/kdcinfo.HH3.SITE"
pid=673 comm="smbd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
and:
audit(1383295564.188:42): apparmor="DENIED" operation="file_lock"
parent=673 profile="/usr/sbin/smbd" name="/etc/krb5.keytab" pid=908
comm="smbd" requested_mask="k" denied_mask="k" fsuid=0 ouid=0
So, add the files to the profile:
/var/lib/sss/mc/passwd read (r)
/var/lib/sss/pubconf/kdcinfo.HH3.SITE read (r)
(you will have to create this file manually)
and:
/etc/krb5.keytab lock (k)
Use YaST:)