[Samba] samba 4.10 + SQUID 4.6 (FreeBSD) Fresh install - Error ownership folder

Kontrol-Suporte suporte at kontrolsecurity.com.br
Thu Apr 18 21:33:03 UTC 2019


Hello everyone,

I just made a brand new installation of Samba 4.10 for FreeBSD (got it
from the FreeNAS project) and it worked very well, but I am facing some issues
while working with it + Squid 4.6.

Here is the thing. I could join the machine to my domain with absolutely no
problems. I also created the Kerberos keytab, etc.

For some reason, the Squid Helpers are showing an error message, like the
one below.

Although the NTLM helper is working fine and authenticating with no errors,
the Kerberos helper is not working at all and it fails, crashing Squid, which
terminates abnormally.

**start error log**
Initialising global parameters
Processing section "[global]"
Initialising global parameters
Processing section "[global]"
Initialising global parameters
directory_create_or_exist_strict: invalid ownership on directory /var/run/samba4/msg.lock
Processing section "[global]"
cmdline_messaging_context: Unable to initialize messaging context.
lp_load_ex: refreshing parameters
**end of error log**

I tried several different ownerships with no success, also I compared with
old versions. Same thing.

The Kerberos helper fails with the following error log:

**start error log**
2019/04/18 18:25:05 kid1| WARNING: negotiateauthenticator #Hlpr1 exited
2019/04/18 18:25:05 kid1| FATAL: The negotiateauthenticator helpers are crashing too rapidly, need help!

2019/04/18 18:25:05 kid1| Squid Cache (Version 4.6): Terminated abnormally.
CPU Usage: 0.105 seconds = 0.053 user + 0.053 sys
Maximum Resident Size: 122672 KB
Page faults with physical i/o: 0
**end error log**
Here is my smb4.conf file, just in case I am using any deprecated/invalid
configuration.

**smb4.conf**
#########################
[global]
workgroup = DOMAIN
realm  = DOMAIN.CORP
client NTLMv2 auth = yes
client lanman auth = no
client plaintext auth = no
idmap config DOMAIN : backend = rid
idmap config DOMAIN : range = 10000-20000
map to guest = never
security = ads
template shell = /bin/bash
winbind offline logon = yes
winbind refresh tickets = yes
winbind nested groups = yes
winbind use default domain = yes
encrypt passwords = yes
log level = 3 passdb:5 winbind:3
usershare allow guests = no
printcap name = /dev/null
load printers = no
printing = bsd
local master = no
kerberos method = secrets and keytab
winbind refresh tickets = yes

[homes]
comment = Home Directories
valid users = %s, %D%W%S
browseable = no
read only = no
inherit acls = yes
##############################

**Here is the krb5.conf**
############################
[libdefaults]
default_realm = DOMAIN.CORP
    dns_lookup_kdc = yes
    dns_lookup_realm = yes
    ticket_lifetime = 24h
    default_keytab_name = /etc/krb5.keytab
    forwardable = yes

    default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
    permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5

   DOMAIN.CORP = {
   kdc = kontroldc01.domain.corp
   admin_server = kontroldc01.domain.corp
   default_domain = domain.corp
   }

  .domain.corp = DOMAIN.CORP
   domain.corp = DOMAIN.CORP

[logging]
  kdc = FILE:/var/log/kdc.log
  admin_server = FILE:/var/log/kadmin.log
  default = FILE:/var/log/krb5lib.log
####################

I know it seems to be something wrong with SQUID, not SAMBA 4.10, but I am just
wondering if I made any mistake during the configuration process.

Any help will be very welcome and appreciated!

Thanks!

Fabricio.
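
A diagnostic for the `invalid ownership on directory` message in the first log, as an added example that is not part of the original post and is not Samba's own code. It assumes the message comes from a strict check that the path is a real directory, owned by the uid of the process that loads the Samba libraries, with an exact mode; the path is the one from the log, while the `squid` account name and the 0755 mode are assumptions.

```python
#!/usr/bin/env python3
"""Report why a strict directory check would reject a path for a given user."""
import os
import pwd
import stat
import sys

# Path taken from the error log in the post.
MSG_LOCK_DIR = "/var/run/samba4/msg.lock"
# Assumptions: account the Squid helpers run as, and the mode Samba expects.
HELPER_USER = "squid"
EXPECTED_MODE = 0o755


def check_strict_dir(path, uid, mode=EXPECTED_MODE):
    """Return a list of findings; an empty list means the directory passes."""
    try:
        st = os.lstat(path)  # lstat: a symlink must not pass as a directory
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path} is not a directory"]
    findings = []
    if st.st_uid != uid:
        findings.append(f"invalid ownership: owner uid {st.st_uid}, caller uid {uid}")
    actual = stat.S_IMODE(st.st_mode) & 0o777
    if actual != mode:
        findings.append(f"invalid permissions: has {actual:04o}, expected {mode:04o}")
    return findings


def main(argv):
    # Usage: script [user] [path]; defaults are the assumed helper account and log path.
    user = argv[1] if len(argv) > 1 else HELPER_USER
    path = argv[2] if len(argv) > 2 else MSG_LOCK_DIR
    try:
        uid = pwd.getpwnam(user).pw_uid
    except KeyError:
        print(f"unknown user: {user}")
        return 2
    findings = check_strict_dir(path, uid)
    for line in findings or ["ok"]:
        print(f"{path} as {user}: {line}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Running it once for the account that starts the Samba daemons and once for the account that runs the Squid helpers shows whether both can pass the same check on a single directory.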


