And i forgot to mention. This is what i have for my squid. auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \ --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy.internal.domain.tld at REALM \ --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOMAIN See the ntlm line. => --helper-protocol=gss-spnego Greetz, Louis> -----Oorspronkelijk bericht-----> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Luis Felipe> Dominguez Vega via samba> Verzonden: woensdag 28 december 2016 13:41> Aan: samba at lists.samba.org> Onderwerp: [Samba] Error with samba update in debian.>> Hello, I am a network admin and I have Samba 4 (4.5.2+dfsg-2) running into> Debian Testing, before i update to this version my proxy (squid)> authenticate with NTLM with ntlm_auth correctly, same to my FreeRadius> server authenticating with winbind. But now with this update i can get to> work again the autentications, when i request the NT_KEY to ntlm_auth it> not return that key.>> this is the output of ntlm_auth>> root at proxy:~# ntlm_auth --diagnostic --helper-protocol=squid-2.5-ntlmssp> MTZ\luis.dominguez <my_pass>> BH SPNEGO request invalid prefix>> and the output of squid> ERROR: NTLM Authentication validating user. Result: {result=BH,> notes={message: NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL; }}>> Requesting the nt key used by freeradius (the nt key is not in the output)>> root at proxy:~# /usr/bin/ntlm_auth --request-nt-key --> username=luis.dominguez> Password:> NT_STATUS_OK: Success (0x0)>> ---------------------------------------> Al tanto> Ing. Luis Felipe Domínguez Vega> Administrador de la Red de Desoft Matanzas> GNU/Linux Kernel Developer - rtlwifi kernel module>> "No es grande aquel que nunca falla, es grande el que nunca se da por> vencido? ">>> --> To unsubscribe from this list go to the following URL and read the> instructions: https://lists.samba.org/mailman/options/samba
Luis Felipe Dominguez Vega
2016-Dec-28 13:27 UTC
[Samba] Error with samba update in debian.
Thanks.... this is my smb.conf
################################################################################
# Global parameters
[global]
netbios name = DC
realm = MTZ.DESOFT.CU
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
workgroup = MTZ
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
client ldap sasl wrapping = sign
ldap server require strong auth = No
map to guest = bad user
# Audit settings
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = connect disconnect opendir mkdir rmdir closedir
open close read pread write pwrite sendfile rename unlink chmod fchmod chown
fchown chdir ftruncate lock symlink readlink link mknod realpath
full_audit:facility = local5
full_audit:priority = notice
tls enabled = yes
tls certfile = /var/lib/samba/private/tls/dc-cert.pem
tls keyfile = /var/lib/samba/private/tls/secure/dc-privkey.pem
tls cafile = /var/lib/samba/private/tls/cacert.pem
tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl
tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem
# ntlm auth = yes
# lanman auth = yes
# lanman auth = yes
[netlogon]
path = /var/lib/samba/sysvol/mtz.desoft.cu/scripts
read only = No
vfs objects = full_audit
[sysvol]
path = /var/lib/samba/sysvol
read only = No
vfs objects = full_audit
################################################################################
i tried with setting all the comments in yes, then systemctl restart
samba-ad-dc, but the squid neither authenticated, same errors, Need to full
reset the AD server?
When i use the negotiate in squid i see this in squid
ERROR: Negotiate Authentication validating user. Result: {result=BH,
notes={message: NT_STATUS_UNSUCCESSFUL * NT_STATUS_UNSUCCESSFUL; }}
---------------------------------------
Al tanto
Ing. Luis Felipe Domínguez Vega
Administrador de la Red de Desoft Matanzas
GNU/Linux Kernel Developer - rtlwifi kernel module
"No es grande aquel que nunca falla, es grande el que nunca se da por
vencido… "
----- Original Message -----
From: "L.P.H. van Belle via samba" <samba at lists.samba.org>
To: samba at lists.samba.org
Sent: Wednesday, December 28, 2016 8:01:07 AM
Subject: Re: [Samba] Error with samba update in debian.
And i forgot to mention.
This is what i have for my squid.
auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
--kerberos /usr/lib/squid/negotiate_kerberos_auth -s
HTTP/proxy.internal.domain.tld at REALM \
--ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOMAIN
See the ntlm line. => --helper-protocol=gss-spnego
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Luis Felipe
> Dominguez Vega via samba
> Verzonden: woensdag 28 december 2016 13:41
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Error with samba update in debian.
>
> Hello, I am a network admin and I have Samba 4 (4.5.2+dfsg-2) running into
> Debian Testing, before i update to this version my proxy (squid)
> authenticate with NTLM with ntlm_auth correctly, same to my FreeRadius
> server authenticating with winbind. But now with this update i can get to
> work again the autentications, when i request the NT_KEY to ntlm_auth it
> not return that key.
>
> this is the output of ntlm_auth
>
> root at proxy:~# ntlm_auth --diagnostic --helper-protocol=squid-2.5-ntlmssp
> MTZ\luis.dominguez <my_pass>
> BH SPNEGO request invalid prefix
>
> and the output of squid
> ERROR: NTLM Authentication validating user. Result: {result=BH,
> notes={message: NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL; }}
>
> Requesting the nt key used by freeradius (the nt key is not in the output)
>
> root at proxy:~# /usr/bin/ntlm_auth --request-nt-key --
> username=luis.dominguez
> Password:
> NT_STATUS_OK: Success (0x0)
>
> ---------------------------------------
> Al tanto
> Ing. Luis Felipe Domínguez Vega
> Administrador de la Red de Desoft Matanzas
> GNU/Linux Kernel Developer - rtlwifi kernel module
>
> "No es grande aquel que nunca falla, es grande el que nunca se da por
> vencido? "
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba