[Samba] /var/lib/samba/winbindd_privileged permission issue.

vincent.blondel at ing.be vincent.blondel at ing.be
Wed Dec 17 18:11:58 GMT 2008 

Hello all,

I am discussing more than two weeks with SQuid developpers for an issue
I encounter with ntlm_auth process. You can get a complete overview of
the discussion at the url specified below but you can also get a summary
later in this mail.

   http://www.mail-archive.com/squid-users@squid-cache.org/msg60371.html

I get a complete platform based on OpenLDAP 2.3.43, MIT-KerberosV 1.6,
Samba 3.0.32, Cyrus-SASL 2.1.22, OPenSSL 0.9.8i and SQUID 2.7.4 proxy
running on SOlaris 8.

All these servers are member of our Windows 2003 Domain Controllers. 

Process /usr/local/sbin/winbindd is the one activated, smbd and nmbd are
not because I just need to authenticate ntlm requests coming from squid
software.

This is all running fine except I regularly and randomly get next
message in squid log files ...

[2008/12/04 10:10:57, 0] utils/ntlm_auth.c:winbind_pw_check(515) Login
for user [EMAIL PROTECTED] failed due to [winbind client not authorized
to use winbindd_pam_auth_crap. Ensure permissions on
/var/lib/samba/winbindd_privileged are set correctly.]

I already tried many things including chmod, chown, setuid, setgid, ...
but always get the same result .. it works and then NOT.

So, please, I hope somebody can help me because I get hundreds of users
blocked each time this problem occurs ..

many thanks
Vincent
-----------------------------------------------------------------
ATTENTION:
The information in this electronic mail message is private and
confidential, and only intended for the addressee. Should you
receive this message by mistake, you are hereby notified that
any disclosure, reproduction, distribution or use of this
message is strictly prohibited. Please inform the sender by
reply transmission and delete the message without copying or
opening it.

Messages and attachments are scanned for all viruses known.
If this message contains password-protected attachments, the
files have NOT been scanned for viruses by the ING mail domain.
Always scan attachments before opening them.
-----------------------------------------------------------------

More information about the samba mailing list