As a general rule, it is worth including smb.conf portions as well as
squid.conf portions to the list when troubleshooting winbind ACL's.
I had a number of problems with wb_group that went away when I left out the
winbind separator option in smb.conf. Also, use the group name, not the SID
in the ACL.
Also, try enabling greater debug info in the cache.log which might give more
info on what's going wrong - unless you are certain the problem is the
wb_group file giving the ERR, in which case squid is not the problem. Have
a look in the wb_group.c source to see (it can be surprisingly readable,
even for a non-programmer) what conditions cause this status to be
generated.
Regards,
Tony
-----Original Message-----
From: Simon Bryan [mailto:sbryan@olmc.nsw.edu.au]
Sent: Monday, 4 August 2003 11:13
To: squid-users@squid-cache.org
Subject: [squid-users] wb_group
Hi all,
I am working my way through why the delay_pools do not work for me, I
suspected winbind and have been rebuilding everything. I have an issue with
wb_group that I can't resolve. If I use wb_group -d and enter a valid
username I get a list of groups as below:
student
/wb_group[22779](wb_check_group.c:343): Got 'student' from Squid (length:
7).
/wb_group[22779](wb_check_group.c:237):
SID:S-1-5-21-8915387-1576539265-1404200075-513
/wb_group[22779](wb_check_group.c:237):
SID:S-1-5-21-8915387-1576539265-1404200075-3041
/wb_group[22779](wb_check_group.c:237):
SID:S-1-5-21-8915387-1576539265-1404200075-3530
ERR
However it always terminates with an ERR which seems to me what it must be
sending to Squid so the users never fall into a group. I am using the Squid
snapshot from 3rd August and Samba 2.2.8a, I have copied over the
winbindd_nss.h file over the top of the Squid.
Squid -v gives:
Squid Cache: Version 2.5.STABLE3-20030803
configure options: --enable-delay-pools --enable-auth=ntlm,basic
--enable-basic-auth-helpers=winbind --enable-ntlm-helpers=winbind
wb_info gives all the right answers.
Any clues appreciated.
As a second question, when using wb_group in an acl do you use the NT group
name eg 'teachers' or the SID number as given by wb_group on the command
line?
Cheers,
____________________
Simon Bryan
IT Manager
OLMC Parramatta
Downs MicroSystems Pty Ltd
145 Margaret Street
Toowoomba Qld 4350
Ph. (07) 4639 3344 Fax (07) 4639 3820
Important Disclaimer and Warning
Downs MicroSystems does not represent or warrant that any attached files are
free from computer viruses or other defects. The attached files are
provided, and may only be used, on the basis that the user assumes all
responsibility for any loss, damage or consequences resulting directly or
indirectly from use of the attached files. The liability of Downs
MicroSystems in any event is limited to either the resupply of the attached
files or the cost of having the attached files resupplied.
NOTE: The views expressed by the individual in this message do not
necessarily reflect those of the organisation.
Downs MicroSystems is committed to protecting the privacy of individuals,
and is bound by the principles of the Commonwealth Privacy Act (1988).
Should you wish to view our Privacy Policy, please visit
www.downsmicro.com.au.
The information contained in this message is confidential and may be legally
privileged. The message is intended solely for the addressee(s). If you are
not the intended recipient, you are hereby notified that any use,
dissemination, or reproduction is strictly prohibited and may be unlawful.
If you are not the intended recipient, please contact the sender by return
e-mail and destroy all copies of the original message.
Received on Sun Aug 03 2003 - 19:40:27 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:33 MST