Now it's working thanks to all of you guys.
In my case there were two issues to fix:
1. The permission on /var/cache/samba/winbind_privileged
#chmod 750 /var/cache/samba/winbind_privileged
#chgrp squid /var/cache/samba/winbind_privileged
2. The character separator is \ and not + so I changed this line:
acl domain_admins proxy_auth mydomain+testuser
with this one:
acl domain_admins proxy_auth mydomain\testuser
Thank you very much.
Regards,
Freddy Chavez.
-----Mensaje original-----
De: Henrik Nordstrom [mailto:hno@squid-cache.org]
Enviado el: Tuesday, February 24, 2004 5:26 AM
Para: Daniel Meyer
CC: Henrik Nordstrom; Chavez Gutierrez, Freddy;
squid-users@squid-cache.org
Asunto: Re: [squid-users] NTLM authentication not working with Squid 2.5
+ Samba 3.0 after reading all the FAQs
On Tue, 24 Feb 2004, Daniel Meyer wrote:
> Guess i am missing something here.
>
> on my system the pipe has the following permissions:
>
> proxy:/var/locks/winbindd_privileged # ls -alp
> total 0
> drwxr-x--- 2 root root 72 Feb 24 10:52 ./
> drwxrwxrwx 4 root root 352 Feb 24 10:52 ../
> srwxrwxrwx 1 root root 0 Feb 24 10:52 pipe=
>
> If i try to change the permissions of the directory itself, so that
> the squid user can access it, winbindd fails to start:
>
> proxy:/var/locks # winbindd -i
> winbindd version 3.0.2 started.
> Copyright The Samba Team 2000-2004
> Added domain whatever whatever.Lokal
S-1-5-21-3284267766-540466896-523501128
> invalid permissions on socket directory /var/locks/winbindd_privileged
> open_winbind_socket: No such file or directory
>
> Doesnt matter if i try to change owner/group, or just the rwx
> permissions for owner/group/all...
Only root should have w. The other users who should be allowed to access
this directory should have x and optionally r.
Recommended method is to create a group for winbind authentication and
make sure all services requiring this interface (i.e. Squid) is running
with this group.
chgrp winbind /path/to/winbindd_privileged
chmod 750 /path/to/winbindd_privileged (if you have changed the
permissions)
change Squid to run with group winbind
Or if access to the OS of your server is restricted you can take the easy
path out and allow all users access to winbindd_privileged
chmod 755 /path/to/winbindd_privileged
Regards
Henrik
Received on Tue Feb 24 2004 - 14:52:55 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:03 MST