Hi,
We're using Squid-2.5.STABLE14 and occasionally when we rotate logs
(nightly event) something breaks in the squid->ntlm_auth->winbind chain
such that users get prompted in their browsers to authenticate.
In the cache log we see this error for each user:
Login for user [domain]\[user]@[machine] failed due to [winbind client not
authorized to use winbindd_pam_auth_crap. Ensure permissions on
/appl/samba-3.2.10/var/locks/winbindd_privileged are set correctly.]
The permissions are of course correct on the winbindd_privileged folder
and the pipe (this works most of the time)
drwxr-x--- 2 root squid 3 Dec 3 22:29
/appl/samba/var/locks/winbindd_privileged
srwxrwxrwx 1 root root 0 Dec 3 22:29 pipe
Squid runs as effective user 'operator' which is in the 'squid' group.
When the problem happens I shutdown Squid and restart it and everything
works once again.
Thanks for looking.
Rob
Received on Wed Dec 07 2011 - 14:30:42 MST
This archive was generated by hypermail 2.2.0 : Thu Dec 08 2011 - 12:00:02 MST