[squid-users] Re: squid and ntlm without winbind

From: VincenzoV <scrivimi_at_vincenzov.net>
Date: Fri, 3 Dec 2010 12:11:30 -0800 (PST)

Guido Lorenzutti wrote:
>
> I have a smb.conf and a winbind.conf, and the winbindd uses the
> winbind.conf.
> Yes, you have to joing the winbind to the domain, with:
> net rpc join -s /etc/samba/winbind.conf -U username
>

Same configuration on samba 3.5.6 (debian squeeze, testing).

Using two server it work fine, I can join to domain, authenticate user,
ecc.

Using a single server (server name is V-SQUEEZE, domain name is PROXY)
with two working configuration file winbind.conf and smb.conf I can join
to domain and list user

root_at_V-Squeeze:~# net rpc join -U root
Enter root's password:
Joined domain PROXY.

root_at_V-Squeeze:~# net rpc testjoin
Join to 'PROXY' is OK

root_at_V-Squeeze:~# net rpc user
Enter root's password:
nobody
root
test
vv

But wbinfo can't see domain PROXY and fail authentication

root_at_V-Squeeze:~# wbinfo -m
BUILTIN
V-SQUEEZE

root_at_V-Squeeze:~# wbinfo -u
V-SQUEEZE_at_nobody
V-SQUEEZE_at_root
V-SQUEEZE_at_test
V-SQUEEZE_at_vv

root_at_V-Squeeze:/var/log/samba# wbinfo -t
checking the trust secret for domain PROXY via RPC calls failed
Could not check secret

In log I can see:

[2010/12/03 21:07:54.221467, 1]
winbindd/idmap.c:438(idmap_init_passdb_domain)
  Could not init passdb idmap domain

[2010/12/03 21:07:54.223344, 0]
rpc_server/srv_netlog_nt.c:692(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate2: failed to get machine password for account
V-SQUEEZE$: NT_STATUS_NO_TRUST_SAM_ACCOUNT

Any idea?

My winbind.conf (working on other machines):

[global]
workgroup = PROXY
security = domain
password server = *
encrypt passwords = yes
winbind separator = @
idmap uid = 30000-40000
idmap gid = 30000-40000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template shell = /bin/false
template homedir = /home/winnt/%U 

-- 
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-and-ntlm-without-winbind-tp3028692p3071687.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Fri Dec 03 2010 - 20:11:33 MST

This archive was generated by hypermail 2.2.0 : Sat Dec 04 2010 - 12:00:02 MST