Re: [squid-users] Problem with Winbind

From: André Marques <andre_sesred@dont-contact.us>
Date: Thu, 28 Jul 2005 12:49:54 +0000 (GMT)

Hi Roman!

Your hint helped me to solve one problem: the kernel
error messages... changing the SE Linux config to
permissive, made those error messages disappear. Thank
you!

Other thing i found out was that the problem i had was
caused by an update on domain controllers. That was
the Update Rollup 1 for MS Windows 2003 servers, if
i'm not mistaken... has anybody noticed this kind of
problem or any other like that? The removal of this
update made the errors stop.

By the way, now other error is happening. my wbinfo is
bringing some crap when getting the users and groups.
Instead of bringing USER and GROUP only, it brings
DOMAIN_NAMErUSER and DOMAIN_NAMErGROUP, causing
malfunction on wbinfo when checking the groups.

Any query about users and groups by wbinfo program
shows these wrong informations. I have even tried to
put the same wbinfo that works well on other server,
replacing the bad one, but nothing changed. Is there
any way to verify why is it happening?

Again, any help would be very appreciated... thanks to
anyone!

André

--- Roman Rathler <squidlist@comegetsome.at> escreveu:

> Have you set your SElinux state to enforcing? this
> could cause the
> kernel to not allow squid to access winbind!
> check with setenforce permissive if the problem
> persists!
>
> cheers
>
> André Marques wrote:
>
> >Hello to all! :)
> >
> >I'm experiencing some troubles on one of my
> enterprise
> >proxy servers, which runs Squid 2.5 STABLE10. It
> was
> >working very well, but suddenly started to log
> these
> >kind of messages the "messages" log file:
> >
> >Jul 26 11:28:05 server1 logger: Script:Got user1
> >GROUP1 from squid
> >Jul 26 11:28:05 server1 winbindd[31811]:
> [2005/07/26
> >11:28:05, 0] lib/util_sid.c:string_to_sid(301)
> >Jul 26 11:28:05 server1 winbindd[31811]:
> >string_to_sid: Sid Could not lookup name GRUPO1
> does
> >not start with 'S-'.
> >Jul 26 11:28:05 server1 logger: Script:User:
> -USER1-
> >Group: -GRUPO1- SID: -Could not lookup name
> GRUPO1-
> >GID: -Could not convert sid Could not lookup name
> >GRUPO1 to gid-
> >Jul 26 11:28:05 server1 logger: Script:Sending ERR
> to
> >squid
> >Jul 26 11:28:45 server1 kernel:
> >audit(1122388125.215:0): avc: denied { search }
> for
> >pid=517 exe=/usr/bin/perl
> >scontext=root:system_r:httpd_sys_script_t
> >tcontext=system_u:object_r:sysctl_kernel_t
> tclass=dir
> >Jul 26 11:28:45 server1 kernel:
> >audit(1122388125.215:0): avc: denied { search }
> for
> >pid=517 exe=/usr/bin/perl name=sys dev=proc
> >ino=-268435431
> >scontext=root:system_r:httpd_sys_script_t
> >tcontext=system_u:object_r:sysctl_t tclass=dir
> >
> >These messages vary on its appearance, but they're
> >often like those i put above.
> >
> >It seems that it tries to search for an USER1 on
> AD,
> >through wbinfo, but doesn't find it, even existing
> >this user. The result for "wbinfo -t" is ok, but
> when
> >i try to get wbinfo -n "USER1", it shows this error
> >message:
> >
> >Could not lookup name USER1
> >
> >I think that the fact of it doesn't convert the SID
> >for the user is generating the errors on the
> >"messages" log file, but on "smb.conf" file, the
> >password server is listed ok and nothing has
> changed
> >on this file recently. These error are causing
> >instability on the proxy server, making it ask for
> a
> >password sometimes or even not permitting the
> access
> >to some users.
> >
> >So, i would be grateful for any help you can give
> me
> >for i can fix it. I'm working with Fedora Core 3,
> >Samba and Winbind Version 3.0.10-1.fc3.
> >
> >I'll be available for any further information you
> may
> >need. Thanks!
> >
> >
> >André
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
>
>_______________________________________________________
>
> >Yahoo! Acesso Grátis - Internet rápida e grátis.
> >Instale o discador agora!
> http://br.acesso.yahoo.com/
> >
> >
>
>

__________________________________________________
Converse com seus amigos em tempo real com o Yahoo! Messenger
http://br.download.yahoo.com/messenger/
Received on Thu Jul 28 2005 - 06:50:11 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:03 MDT