[Samba-it] Active directory, samba e squid

Alessio Fattorini a.fattorini at abanet.it
Thu May 25 16:24:01 MDT 2006 

Salve a tutti,
sono nuovo nella lista.
Voglio fare autenticare chi usa il rpoxy squid, direttamente sul mio
server win2k con active directory. Penso che il problema sia comune, una
volta autenticato nel dominio il browser non deve chiedere altri
username/password aggiuntivi.
Ho seguito in ogni sua parte il tutorial sul sito
www.sistemistiindipendenti.org e anche la documentazione di Samba.
Il mio dominio è ABANET
Il mio active directory è 192.168.1.140

Incollo la mia configurazione di samba:
[global]
server string = Samba Proxy
password server = 192.168.1.140
security = domain
encrypt passwords = yes
workgroup = ABANET
winbind separator =@
template homedir = /home/%D/%U
template shell = /bin/bash
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
log file = /var/log/samba.%m
max log size = 50
socket options = TCP_NODELAY

E quella di squid:

auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_re uses 0
auth_param ntlm max_challenge_lifetime 20 minutes
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours


Provo a joinare il dominio:
randaold:~# net join -w ABANET -S 192.168.1.140 -U administrator
administrator's password:
[2006/05/25 16:20:40, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password administrator at ABANET.INT failed: Cannot
resolve network address for KDC in requested realm
[2006/05/25 16:20:40, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Cannot resolve network address for KDC in requested realm
[2006/05/25 16:20:40, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
  cli_nt_setup_creds: request challenge failed
[2006/05/25 16:20:40, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
  cli_nt_setup_creds: request challenge failed
[2006/05/25 16:20:40, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
  Error domain join verification (reused connection):
NT_STATUS_INVALID_COMPUTER_NAME

Unable to join domain ABANET.


Provo la secret:
randaold:~# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret
randaold:~#

Sapete aiutarmi? Ho sbagliato qualcosa?
Grazie
Alessio Fattorini

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/samba-it/attachments/20060525/8f5ac4ba/attachment.html>

More information about the samba-it mailing list