And i forgot to mention. This is what i have for my squid. auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \ --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy.internal.domain.tld at REALM \ --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOMAIN See the ntlm line. => --helper-protocol=gss-spnego Greetz, Louis> -----Oorspronkelijk bericht-----> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Luis Felipe> Dominguez Vega via samba> Verzonden: woensdag 28 december 2016 13:41> Aan: samba at lists.samba.org> Onderwerp: [Samba] Error with samba update in debian.>> Hello, I am a network admin and I have Samba 4 (4.5.2+dfsg-2) running into> Debian Testing, before i update to this version my proxy (squid)> authenticate with NTLM with ntlm_auth correctly, same to my FreeRadius> server authenticating with winbind. But now with this update i can get to> work again the autentications, when i request the NT_KEY to ntlm_auth it> not return that key.>> this is the output of ntlm_auth>> root at proxy:~# ntlm_auth --diagnostic --helper-protocol=squid-2.5-ntlmssp> MTZ\luis.dominguez <my_pass>> BH SPNEGO request invalid prefix>> and the output of squid> ERROR: NTLM Authentication validating user. Result: {result=BH,> notes={message: NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL; }}>> Requesting the nt key used by freeradius (the nt key is not in the output)>> root at proxy:~# /usr/bin/ntlm_auth --request-nt-key --> username=luis.dominguez> Password:> NT_STATUS_OK: Success (0x0)>> ---------------------------------------> Al tanto> Ing. Luis Felipe Domínguez Vega> Administrador de la Red de Desoft Matanzas> GNU/Linux Kernel Developer - rtlwifi kernel module>> "No es grande aquel que nunca falla, es grande el que nunca se da por> vencido? ">>> --> To unsubscribe from this list go to the following URL and read the> instructions: https://lists.samba.org/mailman/options/samba
Luis Felipe Dominguez Vega
2016-Dec-28 13:27 UTC
[Samba] Error with samba update in debian.
Thanks.... this is my smb.conf ################################################################################ # Global parameters [global] netbios name = DC realm = MTZ.DESOFT.CU server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = MTZ server role = active directory domain controller idmap_ldb:use rfc2307 = yes client ldap sasl wrapping = sign ldap server require strong auth = No map to guest = bad user # Audit settings full_audit:prefix = %u|%I|%S full_audit:failure = connect full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod realpath full_audit:facility = local5 full_audit:priority = notice tls enabled = yes tls certfile = /var/lib/samba/private/tls/dc-cert.pem tls keyfile = /var/lib/samba/private/tls/secure/dc-privkey.pem tls cafile = /var/lib/samba/private/tls/cacert.pem tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem # ntlm auth = yes # lanman auth = yes # lanman auth = yes [netlogon] path = /var/lib/samba/sysvol/mtz.desoft.cu/scripts read only = No vfs objects = full_audit [sysvol] path = /var/lib/samba/sysvol read only = No vfs objects = full_audit ################################################################################ i tried with setting all the comments in yes, then systemctl restart samba-ad-dc, but the squid neither authenticated, same errors, Need to full reset the AD server? When i use the negotiate in squid i see this in squid ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: NT_STATUS_UNSUCCESSFUL * NT_STATUS_UNSUCCESSFUL; }} --------------------------------------- Al tanto Ing. Luis Felipe Domínguez Vega Administrador de la Red de Desoft Matanzas GNU/Linux Kernel Developer - rtlwifi kernel module "No es grande aquel que nunca falla, es grande el que nunca se da por vencido… " ----- Original Message ----- From: "L.P.H. van Belle via samba" <samba at lists.samba.org> To: samba at lists.samba.org Sent: Wednesday, December 28, 2016 8:01:07 AM Subject: Re: [Samba] Error with samba update in debian. And i forgot to mention. This is what i have for my squid. auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \ --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy.internal.domain.tld at REALM \ --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOMAIN See the ntlm line. => --helper-protocol=gss-spnego Greetz, Louis> -----Oorspronkelijk bericht-----> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Luis Felipe> Dominguez Vega via samba> Verzonden: woensdag 28 december 2016 13:41> Aan: samba at lists.samba.org> Onderwerp: [Samba] Error with samba update in debian.>> Hello, I am a network admin and I have Samba 4 (4.5.2+dfsg-2) running into> Debian Testing, before i update to this version my proxy (squid)> authenticate with NTLM with ntlm_auth correctly, same to my FreeRadius> server authenticating with winbind. But now with this update i can get to> work again the autentications, when i request the NT_KEY to ntlm_auth it> not return that key.>> this is the output of ntlm_auth>> root at proxy:~# ntlm_auth --diagnostic --helper-protocol=squid-2.5-ntlmssp> MTZ\luis.dominguez <my_pass>> BH SPNEGO request invalid prefix>> and the output of squid> ERROR: NTLM Authentication validating user. Result: {result=BH,> notes={message: NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL; }}>> Requesting the nt key used by freeradius (the nt key is not in the output)>> root at proxy:~# /usr/bin/ntlm_auth --request-nt-key --> username=luis.dominguez> Password:> NT_STATUS_OK: Success (0x0)>> ---------------------------------------> Al tanto> Ing. Luis Felipe Domínguez Vega> Administrador de la Red de Desoft Matanzas> GNU/Linux Kernel Developer - rtlwifi kernel module>> "No es grande aquel que nunca falla, es grande el que nunca se da por> vencido? ">>> --> To unsubscribe from this list go to the following URL and read the> instructions: https://lists.samba.org/mailman/options/samba-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba