[Samba] samba 4.10 + SQUID 4.6 (FreeBSD) Fresh install - Error ownership folder

Suporte - KONTROL suporte at kontrolsecurity.com.br
Sat Apr 20 21:56:45 UTC 2019

Hi Rowland

Appreciate the message and the tips.
I updated my smb file, although the Kerberos error still showing up.

Thanks Anyway.


-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland Penny via samba
Sent: Friday, April 19, 2019 4:45 AM
To: samba at lists.samba.org
Subject: Re: [Samba] samba 4.10 + SQUID 4.6 (FreeBSD) Fresh install - Error ownership folder

On Thu, 18 Apr 2019 18:33:03 -0300
Kontrol-Suporte via samba <samba at lists.samba.org> wrote:

> Hello everyone,
> Just made a brand new installation of the Samba 4.10 for FreeBSD (got 
> it from FreeNAS project) and it worked very well but I am facing some 
> issues while working with it + Squid 4.6
> Here is the thing.  I could Join the machine to my Domain with 
> absolutely no problems. I also created the Kerberos keytab, etc.
> For some reason, the Squid Helpers are showing an error message, like 
> the one below.
> Although, NTLM helper is working fine and authenticating with no 
> errors, Kerberos helper is not working at all and it fails crashing 
> the Squid as it Terminated abnormally.
> Here is my smb4.conf file, just in case I am using any 
> deprecated/Invalid configuration.

Not so much deprecated or invalid, but un-needed/missing ?

Remove the defaults:

    workgroup = DOMAIN
    realm  = DOMAIN.CORP
    security = ads

    idmap config DOMAIN : backend = rid
    idmap config DOMAIN : range = 10000-20000

    template shell = /bin/bash
    winbind offline logon = yes
    winbind refresh tickets = yes
    winbind use default domain = yes
    log level = 3 passdb:5 winbind:3
    printcap name = /dev/null
    load printers = no
    printing = bsd
    local master = no
    kerberos method = secrets and keytab

    comment = Home Directories
    valid users = %s, %D%W%S
    browseable = no
    read only = no
    inherit acls = yes

The missing:

    idmap config * : backend = tdb
    idmap config * : range = 3999-7999 

> I know it seems something wrong with SQUID, not SAMBA 4.10, but I am 
> just wondering if I committed any mistake during the configuration 
> process.

The probably missing (part 2):

    ntlm auth = mschapv2-and-ntlmv2-only

Not sure what Samba version you used last, but NTLMv1 is now turned off by default.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list