[Samba] AD2003 +Squid NTLM Auth.

Andrew Bartlett abartlet at samba.org
Mon Oct 4 22:35:00 GMT 2004

On Tue, 2004-10-05 at 03:16, Michael Wray wrote:
> Authenticating Server: 2003 with Active Directory Enabled
> Squid Server: FreeBSD 5.1
> Samba: 3.0.7,1
> Other package info in package list at bottom.
> The DNS server is on the 2003 Server with the proper kerberos and ldap
> entries in the DNS server. (Passes Active Directory DNS utility tests)
> Responses are sent in LM, NTLM, &NTLM2 when negotiated.
> Signing requirements are not configured. (Choices: Enable, or not
> configured).
> Have read, and followed to best of my ability the squid FAQ and
> winbind/nmb/samba man pages.  Things that work: All of the command line
> based tests work, as you will see when you look below.  But when I try to
> authenticate with a browser I get denied, and the following info in
> cache.log and log.winbindd.  If I modify the permissions on
> /var/db/samba/winbindd_privileged, that breaks the wbinfo tests saying that
> the permissions on that file are incorrect.

We have these permissions incorrect messages for a reason :-)

The correct permissions are to allow *group* access to the privileged
pipe, say to the squid group.

chgrp squid /var/db/samba/winbindd_privileged
chmod g+rx /var/db/samba/winbindd_privileged

Andrew Bartlett

Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20041005/7cdb467b/attachment.bin

More information about the samba mailing list