[Samba] samba 4.10 + SQUID 4.6 (FreeBSD) Fresh install - Error ownership folder
Kontrol-Suporte
suporte at kontrolsecurity.com.br
Thu Apr 18 21:33:03 UTC 2019
Hello everyone,
I just made a brand new installation of Samba 4.10 for FreeBSD (got it
from the FreeNAS project) and it worked very well, but I am facing some
issues while working with it + Squid 4.6.
Here is the thing. I could join the machine to my domain with absolutely no
problems. I also created the Kerberos keytab, etc.
For some reason, the Squid helpers are showing an error message, like the
one below.
Although the NTLM helper is working fine and authenticating with no errors,
the Kerberos helper is not working at all, and it fails, crashing Squid,
which terminated abnormally.
**start error log**
Initialising global parameters
Processing section "[global]"
Initialising global parameters
Processing section "[global]"
Initialising global parameters
directory_create_or_exist_strict: invalid ownership on directory /var/run/samba4/msg.lock
Processing section "[global]"
cmdline_messaging_context: Unable to initialize messaging context.
lp_load_ex: refreshing parameters
**end of error log**
I tried several different ownerships with no success; I also compared with
old versions. Same thing.
The Kerberos helper fails with the following Error log:
**start error log**
2019/04/18 18:25:05 kid1| WARNING: negotiateauthenticator #Hlpr1 exited
2019/04/18 18:25:05 kid1| FATAL: The negotiateauthenticator helpers are crashing too rapidly, need help!
2019/04/18 18:25:05 kid1| Squid Cache (Version 4.6): Terminated abnormally.
CPU Usage: 0.105 seconds = 0.053 user + 0.053 sys
Maximum Resident Size: 122672 KB
Page faults with physical i/o: 0
**end error log**
Here is my smb4.conf file, just in case I am using any deprecated/invalid
configuration.
**smb4.conf**
#########################
[global]
workgroup = DOMAIN
realm = DOMAIN.CORP
client NTLMv2 auth = yes
client lanman auth = no
client plaintext auth = no
idmap config DOMAIN : backend = rid
idmap config DOMAIN : range = 10000-20000
map to guest = never
security = ads
template shell = /bin/bash
winbind offline logon = yes
winbind refresh tickets = yes
winbind nested groups = yes
winbind use default domain = yes
encrypt passwords = yes
log level = 3 passdb:5 winbind:3
usershare allow guests = no
printcap name = /dev/null
load printers = no
printing = bsd
local master = no
kerberos method = secrets and keytab
winbind refresh tickets = yes
[homes]
comment = Home Directories
valid users = %s, %D%W%S
browseable = no
read only = no
inherit acls = yes
##############################
**Here the krb5.conf**
############################
[libdefaults]
default_realm = DOMAIN.CORP
dns_lookup_kdc = yes
dns_lookup_realm = yes
ticket_lifetime = 24h
default_keytab_name = /etc/krb5.keytab
forwardable = yes
default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
DOMAIN.CORP = {
kdc = kontroldc01.domain.corp
admin_server = kontroldc01.domain.corp
default_domain = domain.corp
}
.domain.corp = DOMAIN.CORP
domain.corp = DOMAIN.CORP
[logging]
kdc = FILE:/var/log/kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
####################
I know it seems something is wrong with Squid, not Samba 4.10, but I am just
wondering if I made any mistake during the configuration process.
Any help will be very welcome and appreciated!
Thanks!
Fabricio.
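
Added example, not part of the original post and not Samba or Squid code: a small sh function that checks a directory such as the /var/run/samba4/msg.lock path from the log for the two properties an "invalid ownership" style check depends on. It assumes the strict check wants the directory owned by the UID of the calling process with mode 0755; the function name and return codes are made up for this illustration.

```shell
#!/bin/sh
# Added example, not Samba code. Assumption: the strict directory check
# wants the directory owned by the caller's UID with mode 0755.

# check_lock_dir DIR [UID]   (hypothetical helper name)
# Returns: 0 ok, 1 missing or not a real directory, 2 owner mismatch,
#          3 mode mismatch
check_lock_dir() {
    dir=$1
    want_uid=${2:-$(id -u)}
    # Reject symlinks as well, mirroring an lstat-style check (assumption).
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: missing or not a real directory"
        return 1
    fi
    # ls -ldn prints the numeric owner and works on FreeBSD and Linux alike.
    line=$(ls -ldn "$dir")
    mode=$(printf '%s\n' "$line" | awk '{print substr($1, 1, 10)}')
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    if [ "$owner" != "$want_uid" ]; then
        echo "$dir: owned by uid $owner, caller runs as uid $want_uid"
        return 2
    fi
    if [ "$mode" != "drwxr-xr-x" ]; then
        echo "$dir: mode $mode, expected drwxr-xr-x"
        return 3
    fi
    echo "$dir: ok for uid $want_uid"
    return 0
}

# Stand-alone use: pass the path from the log and, optionally, the UID of
# the account the Squid helpers run under (both supplied by the operator).
if [ "$#" -ge 1 ]; then
    check_lock_dir "$@"
fi
```

Running it once as root and once with the UID of the account that starts the helpers shows whether the two callers see the directory differently.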