RE: [squid-users] Squid failure with samba 3.0.7,

From: John O'Reilly <JOReilly@dont-contact.us>
Date: Wed, 6 Oct 2004 13:00:52 +0100

Lars,

Ensure the permissions on /var/cache/samba/winbindd_privileged are set as
chown root:squid and chmod 750. This works for me, and I've been able to
upgrade to Samba 3.0.7 without changing these permissions, or changing the
user I run Samba under.

John

-----Original Message-----
From: Lars Roland [mailto:lroland@gmail.com]
Sent: 06 October 2004 12:24
To: Squid
Subject: [squid-users] Squid failure with samba 3.0.7,

Hi all

I just tried updating our samba server to 3.0.7 (from an ealier 3.x
release). Now winbind auth does not work any more, I get the folowing
error in smbd.log.

----------------------------------------------------------------------------
----------------------
[2004/10/06 13:16:18, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(383)
  winbindd_pam_auth_crap: non-privileged access denied. !
  winbindd_pam_auth_crap: Ensure permissions on
/var/cache/samba/winbindd_privileged are set correctly.
----------------------------------------------------------------------------
----------------------

Both smbd, nmbd and winbindd is run as root, squid runs as a squid
user in a squid group. I have not had any problems with this
setup/config before so I am a little in the dark about what privileges
that should be set on the /var/cache/samba/winbindd_privileged
directory. Googling around to find an answer gave me this post:

http://www.squid-cache.org/mail-archive/squid-users/200406/0357.html

But I am not 100% sure how to implement this (should I create a samba
user/group and somhow get samba to run with these priviliges ?? - most
samba setups I have came accrose runs as root, so doing so seams a
little odd to me).

Regards.

Lars Roland

ITIS Holdings plc
www.itisholdings.com

Station House, Stamford New Road
Altrincham, Cheshire WA14 1EP
+44(0)161 927 3600
+44(0)161 929 5074 (fax)

Internet communications are not secure and therefore ITIS Holdings cannot
accept responsibility for the contents of this message. If you wish to
verify that this email is genuine please contact us at the address above.

This email is confidential and is intended only for the named recipient. If
you are not the intended recipient, any dissemination, copying or disclosure
of this message is strictly prohibited. If you have received this email in
error please delete this email and contact us immediately. Any personal
opinions expressed in this email are those of the sender and should not be
taken as being representative of ITIS Holdings plc.
Received on Wed Oct 06 2004 - 06:00:59 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Nov 01 2004 - 12:00:01 MST