Hello all

I'm using a Linux box running CentOS 4.1 as a proxy server with user auth with an AD.
It's been working for a long time, but suddenly this weekend the users can't authenticate anymore.

Looking at the logs I get this:

Oct 10 08:29:59 sol (ntlm_auth): [2005/10/10 08:29:59, 0] utils/ntlm_auth.c:get_require_membership_sid(237)
Oct 10 08:29:59 sol (ntlm_auth): Winbindd lookupname failed to resolve VILLAS+SQUID into a SID!

Searching for this error on Google, I tried changing the DOMAIN+GROUP to a SID on the ntlm_auth command, and with the SID it works fine:

/usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of=VILLAS+SQUID
USER PASSWORD
[2005/10/10 12:18:53, 0] utils/ntlm_auth.c:get_require_membership_sid(237)
  Winbindd lookupname failed to resolve VILLAS+SQUID into a SID!
ERR

and changing:

/usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of=S-1-5-21-1390067357-573735546-682003330-1524
USER PASSWORD
OK

Any guess?

Thanks anyway,
marcello

--
Marcello Mezzanotti <marcello.mezzanotti@gmail.com>
Information Security
UNIX / Linux / *BSD

On Mon, 2005-10-10 at 12:32 -0300, Marcello Mezzanotti wrote:
> Hello all
>
> I'm using a Linux box running CentOS 4.1 as a proxy server with user
> auth with an AD.
> It's been working for a long time, but suddenly this weekend the users can't
> authenticate anymore.
>
> Looking at the logs I get this:
>
> Oct 10 08:29:59 sol (ntlm_auth): [2005/10/10 08:29:59, 0]
> utils/ntlm_auth.c:get_require_membership_sid(237)
> Oct 10 08:29:59 sol (ntlm_auth): Winbindd lookupname failed to resolve
> VILLAS+SQUID into a SID!
>
> Searching for this error on Google, I tried changing the DOMAIN+GROUP
> to a SID on the ntlm_auth command, and with the SID it works fine

The problem is that ntlm_auth does the name2sid call once at startup. If this call doesn't work then, it has problems, which is why I suggest storing the SID for maximum reliability.

Perhaps your DC was down when squid started?

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net

On Fri, 2005-10-14 at 11:22 +1000, Andrew Bartlett wrote:
> Then I'm a bit lost. Does wbinfo -n work?
>
> Andrew Bartlett
>

Andrew,

Well, I believe it just works for users; groups don't:

[root@netuno root]# wbinfo -n "marcello.mezzanotti"
S-1-5-21-1390067357-573735546-682003330-1316 User (1)

[root@netuno root]# wbinfo -n "Domain Users"
Could not lookup name Domain Users

[root@netuno root]# wbinfo -g | grep Domain
Domain Computers
Domain Controllers
Domain Admins
Domain Users
Domain Guests
Exchange Domain Servers
RTCHSDomainServices
RTCDomainServerAdmins
RTCDomainUserAdmins

[root@netuno root]# getent group | grep Domain
Domain Computers:x:10006:
Domain Controllers:x:10009:
Domain Admins:x:10003:marcello.mezzanotti,eduardotec,alexandreb,Administrator
Domain Users:x:10000:cristinag
Domain Guests:x:10014:Guest
Exchange Domain Servers:x:10017:MARTE$,MAIL$
RTCHSDomainServices:x:10008:
RTCDomainServerAdmins:x:10030:
RTCDomainUserAdmins:x:10031:

--
Marcello Mezzanotti <marcello.mezzanotti@gmail.com>
Information Security
UNIX / Linux / *BSD
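
Added example, not part of any message in this thread: a shell helper that resolves a group name once with `wbinfo -n`, checks that the output really begins with a SID, and prints the SID-pinned `--require-membership-of` argument, failing with no output on the "Could not lookup name" case shown above. The function names and the `WBINFO` override variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: pin --require-membership-of to a SID resolved ahead of time,
# so the proxy helper does not depend on a name lookup at startup.
# WBINFO is an assumed override; it defaults to the real wbinfo command.

# Extract the SID from one line of `wbinfo -n` output.
# Succeeds only if the first field is a well-formed SID string.
sid_from_wbinfo_output() {
    sid=${1%% *}                 # first space-delimited field
    case $sid in
        S-1-*) ;;
        *) return 1 ;;           # e.g. "Could not lookup name ..."
    esac
    rest=${sid#S-}
    case $rest in
        *[!0-9-]*|*--*|*-) return 1 ;;   # only digits joined by single hyphens
    esac
    printf '%s\n' "$sid"
}

# Resolve NAME and print the ntlm_auth argument carrying its SID.
# Prints nothing and returns non-zero when the lookup fails, so a failed
# lookup never produces a configuration line.
require_membership_arg() {
    out=$(${WBINFO:-wbinfo} -n "$1" 2>/dev/null) || return 1
    sid=$(sid_from_wbinfo_output "$out") || return 1
    printf '%s%s\n' '--require-membership-of=' "$sid"
}

# The two `wbinfo -n` outputs quoted in the thread, run through the parser.
for line in 'S-1-5-21-1390067357-573735546-682003330-1316 User (1)' \
            'Could not lookup name Domain Users'; do
    if s=$(sid_from_wbinfo_output "$line"); then
        echo "resolved: $s"
    else
        echo "no SID in: $line" >&2
    fi
done
```

On a host joined to the domain, `require_membership_arg 'VILLAS+SQUID'` prints the argument to paste into the helper command line once the group lookup succeeds.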