[Samba] Problems with authentication in Samba4

L.P.H. van Belle belle at bazuin.nl
Wed Dec 2 07:54:27 UTC 2015


Hi,

I can't remember exactly how my setup on wheezy did these; 
I'm now running Jessie squid 3.5.10 with 3 authentication layers and 
1 group check, and this works perfectly. 
(squid recompiled with SSL enabled from sid)

For the wbinfo (I don't use that one, but here is a test): 
echo "myusers my_internet_users"|  /usr/lib/squid/ext_wbinfo_group_acl -d
shows the correct output (OK). 
Same for 
echo "myusers DOMAIN\\my_internet_users"|  /usr/lib/squid/ext_wbinfo_group_acl -d

So I can only think of 3 things. 

1) your group is missing a GID 
2) the wbinfo_group from wheezy is too old. 
3) remove the space from the squid, but since you're using domain users, 
create a new group without spaces. 

If you want a nice squid example, just ask, I'll post my setup. 

Oh, and the above also worked well for me on wheezy with squid 3.4.8 (backports). 

Greetz, 

Louis



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny
> Sent: Tuesday 1 December 2015 18:05
> To: samba at lists.samba.org
> Subject: Re: [Samba] Problems with authentication in Samba4
> 
> On 01/12/15 16:45, Marcio Demetrio Bacci wrote:
> > Hi,
> >
> > I'm having problems authenticating users with winbind. I'm implementing
> > Squid3 Server and this server is working properly. But I think there is a
> > problem with winbind (perhaps winbind separator), because when I put ^ as
> > separator, as in Domain^Users, the error message appeared:
> >
> >
> > root@proxy:~# echo "bacci Domain^Users" | /usr/lib/squid3/wbinfo_group.pl
> > failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
> > Could not lookup name Domain^Users
> > failed to call wbcStringToSid: WBC_ERR_INVALID_PARAM
> > Could not convert sid  to gid
> > ERR
> >
> > But when I put %20 as separator, as in Domain%20Users, the authentication
> > is OK.
> >
> > root@proxy:~# echo "bacci Domain%20Users" | /usr/lib/squid3/wbinfo_group.pl
> > OK
> >
> > My environment is: Samba 4.2.1 on Debian 7.2 as DC
> > Samba 4.1.17 on Debian 7.2 and Squid 3.1 as Proxy.
> >
> > Here is my smb.conf in Proxy Server (Member Server)
> >
> > [global]
> >    netbios name = DC1
> >    workgroup = EMPRESA
> >    security = ads
> >    realm = EMPRESA.COM
> >    encrypt passwords = yes
> >    dedicated keytab file = /etc/krb5.keytab
> >    kerberos method = secrets and keytab
> >    preferred master = no
> >    idmap config *:backend = tdb
> >    idmap config *:range = 1000-3000
> >    idmap config EMPRESA:backend = ad
> >    idmap config EMPRESA:schema_mode = rfc2307
> >    idmap config EMPRESA:range = 10000-9999999
> >
> >    winbind nss info = rfc2307
> >    winbind trusted domains only = no
> >    winbind use default domain = yes
> >    winbind enum users = yes
> >    winbind enum groups = yes
> >    winbind refresh tickets = yes
> >
> >    vfs objects = acl_xattr
> >    map acl inherit = Yes
> >    store dos attributes = Yes
> >    username map = /etc/samba/user.map
> >
> > Is there any way to fix this problem in the Winbind?
> 
> Why do you need to use '^'?
> getent group Domain^Users doesn't work either, but
> getent group Domain\ Users does
> 
> Rowland