[Samba] samba 4.10 + SQUID 4.6 (FreeBSD) Fresh install - Error ownership folder

Suporte - KONTROL suporte at kontrolsecurity.com.br
Sat Apr 20 21:56:45 UTC 2019


Hi Rowland

Appreciate the message and the tips.
I updated my smb file, although the Kerberos error still showing up.

Thanks Anyway.

Fabricio.

-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland Penny via samba
Sent: Friday, April 19, 2019 4:45 AM
To: samba at lists.samba.org
Subject: Re: [Samba] samba 4.10 + SQUID 4.6 (FreeBSD) Fresh install - Error ownership folder

On Thu, 18 Apr 2019 18:33:03 -0300
Kontrol-Suporte via samba <samba at lists.samba.org> wrote:

> Hello everyone,
> 
> Just made a brand new installation of the Samba 4.10 for FreeBSD (got 
> it from FreeNAS project) and it worked very well but I am facing some 
> issues while working with it + Squid 4.6
> 
> Here is the thing.  I could Join the machine to my Domain with 
> absolutely no problems. I also created the Kerberos keytab, etc.
> 
> For some reason, the Squid Helpers are showing an error message, like 
> the one below.
> 
> Although, NTLM helper is working fine and authenticating with no 
> errors, Kerberos helper is not working at all and it fails crashing 
> the Squid as it Terminated abnormally.
> 
>  
> 
> Here is my smb4.conf file, just in case I am using any 
> deprecated/Invalid configuration.

Not so much deprecated or invalid, but un-needed/missing ?

Remove the defaults:

[global]
    workgroup = DOMAIN
    realm  = DOMAIN.CORP
    security = ads

    idmap config DOMAIN : backend = rid
    idmap config DOMAIN : range = 10000-20000

    template shell = /bin/bash
    winbind offline logon = yes
    winbind refresh tickets = yes
    winbind use default domain = yes
    log level = 3 passdb:5 winbind:3
    printcap name = /dev/null
    load printers = no
    printing = bsd
    local master = no
    kerberos method = secrets and keytab

[homes]
    comment = Home Directories
    valid users = %s, %D%W%S
    browseable = no
    read only = no
    inherit acls = yes

The missing:

    idmap config * : backend = tdb
    idmap config * : range = 3999-7999 

>  
> 
> I know it seems something wrong with SQUID, not SAMBA 4.10, but I am 
> just wondering if I committed any mistake during the configuration 
> process.

The probably missing (part 2):

    ntlm auth = mschapv2-and-ntlmv2-only

Not sure what Samba version you used last, but NTLMv1 is now turned off by default.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba




More information about the samba mailing list