Hi list
For the last year I've installed several squid proxies, which
authenticate themselves against NT Domains. Each domain is primarily
controlled by a Samba PDC (at the moment, Samba-3.0.10) and I have no
problems at all. Since Monday, I've tried unsuccessfully to get a
squid-2.5-stable8 to run with samba-3.0.11 against a Windows 2003 PDC.
Here are the steps:

* compile and install samba with winbind and pam support
* configure smb.conf
  + workgroup
  + password server
  + security=domain
  + winbind settings
* cp nsswitch/libnss_winbind.so /lib && ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
* start samba
* net rpc join -S PDC_NAME -w DOMAIN -U user_with_perms
* restart samba
* change /etc/nsswitch.conf
* samba tests
  + wbinfo -u /-g /-t
* compile and install squid
  + --prefix=/usr/local/squid-x.xx-yyy --enable-carp --enable-delay-pools
    --enable-kill-parent-hack --enable-ssl --enable-auth="ntlm,basic"
    --enable-external-acl-helpers="wbinfo_group"
* squid + winbind tests
  + ntlm_auth --helper-protocol=squid-2.5-basic -> user password OK

Everything is ok, it should be working. I then restart samba, and start
squid, and when configuring a client browser (IE, Firefox,...) it
returns the following:

[2005/02/16 15:46:06, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(429)
  winbindd_pam_auth_crap: non-privileged access denied. !
  winbindd_pam_auth_crap: Ensure permissions on /usr/local/samba-3.0.10/var/locks/winbindd_privileged are set correctly.
[2005/02/16 15:46:06, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(642)
  NTLM CRAP authentication for user [(null)]\[(null)] returned NT_STATUS_ACCESS_DENIED (PAM: 4)

Squid is running as nobody.nogroup, but I've got this conf on other
proxies and never had any problem. I've been to #squid and #samba @
freenode.net but no one ever gave me a good tip about this, so I'm
really cracking my head up.
Thanks in advance,
Paulo Pires
Received on Wed Feb 16 2005 - 08:59:34 MST
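
Added example, not part of the original message: a shell check of the condition the winbindd log line names, namely whether the account the proxy runs as can reach the winbindd_privileged directory. It assumes GNU stat and that winbindd expects mode 750 on that directory with the helper's group as the directory group; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit winbindd_privileged access for the proxy's account.
# Assumption: winbindd wants this directory at mode 750, and the ntlm_auth
# helper reaches the privileged pipe through the directory's group.

# priv_dir_verdict MODE DIR_GROUP USER_GROUP...
# Prints one verdict word; returns 0 only when the helper can enter the dir.
priv_dir_verdict() {
    mode=$1; dir_group=$2; shift 2
    case $mode in
        750) ;;
        *) echo "bad-mode"; return 1 ;;
    esac
    for g in "$@"; do
        if [ "$g" = "$dir_group" ]; then
            echo "ok"; return 0
        fi
    done
    echo "not-in-group"
    return 1
}

# check_winbindd_privileged DIR USER
# Reads the real mode and group (GNU stat) and the user's groups, then judges.
check_winbindd_privileged() {
    dir=$1; user=$2
    [ -d "$dir" ] || { echo "missing"; return 1; }
    mode=$(stat -c '%a' "$dir") || return 1
    dir_group=$(stat -c '%G' "$dir") || return 1
    groups=$(id -Gn "$user") || { echo "no-such-user"; return 1; }
    # Word splitting of $groups is intentional: one argument per group name.
    # shellcheck disable=SC2086
    priv_dir_verdict "$mode" "$dir_group" $groups
}
```

Call it as `check_winbindd_privileged DIR USER`, with DIR set to the directory the running winbindd names in its log and USER set to the account Squid's helpers run as. A `not-in-group` verdict means that account can only reach the unprivileged pipe.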