On Wed, 2005-11-02 at 17:03 +0100, Henrik Nordstrom wrote:
> On Wed, 2 Nov 2005, Serassio Guido wrote:
>
> >> > Unable to open tdb '/usr/local/samba/private/secrets.ldb'
> >> > Failed to connect to '/usr/local/samba/private/secrets.ldb'
> >> > Could not open secrets.ldb
> >>
> >> This sounds stupid, but you will need to either run Squid as root, or
> >> give world access to secrets.ldb.
> >>
> >> This will change before release...
> >
> > OK, I will do a try.
>
> With the new group settings in Squid it should be sufficient to just
> create a "samba" group and have /usr/local/samba/private/ owned by that
> group, with your Squid cache_effective_user as member of the group..
>
> Similar to the permission problem of the winbind privileged pipe.
As a longer-term option I'm considering either having ntlm_auth use it's
own keytab, or having it submit the whole exchange to winbindd for
verification, much as it does for NTLM in Samba3.
In many ways it will be a trade-off between a complex and more secure
solution and a simpler but faster solution.
Andrew Bartlett
-- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This archive was generated by hypermail pre-2.1.9 : Thu Dec 01 2005 - 12:00:15 MST