[Samba] AD2003 +Squid NTLM Auth.
abartlet at samba.org
Mon Oct 4 22:35:00 GMT 2004
On Tue, 2004-10-05 at 03:16, Michael Wray wrote:
> Authenticating Server: 2003 with Active Directory Enabled
> Squid Server: FreeBSD 5.1
> Samba: 3.0.7,1
> Other package info in package list at bottom.
> The DNS server is on the 2003 Server with the proper kerberos and ldap
> entries in the DNS server. (Passes Active Directory DNS utility tests)
> Responses are sent in LM, NTLM, &NTLM2 when negotiated.
> Signing requirements are not configured. (Choices: Enable, or not
> Have read, and followed to best of my ability the squid FAQ and
> winbind/nmb/samba man pages. Things that work: All of the command line
> based tests work, as you will see when you look below. But when I try to
> authenticate with a browser I get denied, and the following info in
> cache.log and log.winbindd. If I modify the permissions on
> /var/db/samba/winbindd_privileged, that breaks the wbinfo tests saying that
> the permissions on that file are incorrect.
We have these permissions incorrect messages for a reason :-)
The correct permissions are to allow *group* access to the privileged
pipe, say to the squid group.
chgrp squid /var/db/samba/winbindd_privileged
chmod g+rx /var/db/samba/winbindd_privileged
Andrew Bartlett abartlet at samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20041005/7cdb467b/attachment.bin
More information about the samba