vincent.blondel@ing.be
2008-Dec-17 18:17 UTC
[Samba] /var/lib/samba/winbindd_privileged permission issue.
Hello all, I am discussing more than two weeks with SQuid developpers for an issue I encounter with ntlm_auth process. You can get a complete overview of the discussion at the url specified below but you can also get a summary later in this mail. http://www.mail-archive.com/squid-users@squid-cache.org/msg60371.html I get a complete platform based on OpenLDAP 2.3.43, MIT-KerberosV 1.6, Samba 3.0.32, Cyrus-SASL 2.1.22, OPenSSL 0.9.8i and SQUID 2.7.4 proxy running on SOlaris 8. All these servers are member of our Windows 2003 Domain Controllers. Process /usr/local/sbin/winbindd is the one activated, smbd and nmbd are not because I just need to authenticate ntlm requests coming from squid software. This is all running fine except I regularly and randomly get next message in squid log files ... [2008/12/04 10:10:57, 0] utils/ntlm_auth.c:winbind_pw_check(515) Login for user [EMAIL PROTECTED] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly.] I already tried many things including chmod, chown, setuid, setgid, ... but always get the same result .. it works and then NOT. So, please, I hope somebody can help me because I get hundreds of users blocked each time this problem occurs .. many thanks Vincent ----------------------------------------------------------------- ATTENTION: The information in this electronic mail message is private and confidential, and only intended for the addressee. Should you receive this message by mistake, you are hereby notified that any disclosure, reproduction, distribution or use of this message is strictly prohibited. Please inform the sender by reply transmission and delete the message without copying or opening it. Messages and attachments are scanned for all viruses known. If this message contains password-protected attachments, the files have NOT been scanned for viruses by the ING mail domain. Always scan attachments before opening them. -----------------------------------------------------------------
vincent.blondel@ing.be
2008-Dec-18 05:59 UTC
[Samba] /var/lib/samba/winbindd_privileged permission issue.
> >Hi, > >I had the same issue with freeradius authentification with ntlm_auth. > >On my system: > >drwxr-x--- 2 root wbpriv 4096 Dec 15 18:17 winbindd_privileged > >I just added freeradius account in wbpriv group to make it works. >if you look at my mails, you can see user squid (in this case) is member of group squidg and winbind so this should be okay.>2008/12/17 <vincent.blondel@ing.be>: >> >> Hello all, >> >> I am discussing more than two weeks with SQuid developpers for an issue >> I encounter with ntlm_auth process. You can get a complete overview of >> the discussion at the url specified below but you can also get a summary >> later in this mail. >> >> http://www.mail-archive.com/squid-users@squid-cache.org/msg60371.html >> >> I get a complete platform based on OpenLDAP 2.3.43, MIT-KerberosV 1.6, >> Samba 3.0.32, Cyrus-SASL 2.1.22, OPenSSL 0.9.8i and SQUID 2.7.4 proxy >> running on SOlaris 8. >> >> All these servers are member of our Windows 2003 Domain Controllers. >> >> Process /usr/local/sbin/winbindd is the one activated, smbd and nmbd are >> not because I just need to authenticate ntlm requests coming from squid >> software. >> >> This is all running fine except I regularly and randomly get next >> message in squid log files ... >> >> [2008/12/04 10:10:57, 0] utils/ntlm_auth.c:winbind_pw_check(515) Login >> for user [EMAIL PROTECTED] failed due to [winbind client not authorized >> to use winbindd_pam_auth_crap. Ensure permissions on >> /var/lib/samba/winbindd_privileged are set correctly.] >> >> I already tried many things including chmod, chown, setuid, setgid, ... >> but always get the same result .. it works and then NOT. >> >> So, please, I hope somebody can help me because I get hundreds of users >> blocked each time this problem occurs .. >> >> many thanks >> Vincent >> ----------------------------------------------------------------- >> ATTENTION: >> The information in this electronic mail message is private and >> confidential, and only intended for the addressee. Should you >> receive this message by mistake, you are hereby notified that >> any disclosure, reproduction, distribution or use of this >> message is strictly prohibited. Please inform the sender by >> reply transmission and delete the message without copying or >> opening it. >> >> Messages and attachments are scanned for all viruses known. >> If this message contains password-protected attachments, the >> files have NOT been scanned for viruses by the ING mail domain. >> Always scan attachments before opening them. >> ----------------------------------------------------------------- >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/listinfo/samba >> >----------------------------------------------------------------- ATTENTION: The information in this electronic mail message is private and confidential, and only intended for the addressee. Should you receive this message by mistake, you are hereby notified that any disclosure, reproduction, distribution or use of this message is strictly prohibited. Please inform the sender by reply transmission and delete the message without copying or opening it. Messages and attachments are scanned for all viruses known. If this message contains password-protected attachments, the files have NOT been scanned for viruses by the ING mail domain. Always scan attachments before opening them. -----------------------------------------------------------------