Well chown nobody /usr/local/samba-3.0.10/var/locks/winbindd_privileged This solved the thing. We can't change the perms cause it's a socket, so it's better to change the owner to the user which runs squid. Cya Qua, 2005-02-16 às 16:00 +0000, Paulo Pires escreveu: > Hi list > > For the last year I've installed several squid proxies, which > authenticate themselves against NT Domains. Each domain is primarly > controlled by a Samba PDC (at the moment, Samba-3.0.10) and I have no > problems at all. Since Monday, I've tried unsuccessfully to get a > squid-2.5-stable8 to run with samba-3.0.11 against a Windows 2003 PDC. > > Here's the steps: > > * compile and install samba with winbind and pam support > * configure smb.conf > + workgroup > + password server > + security=domain > + winbind settings > * cp nsswitch/libnss_winbind.so /lib && ln > -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 > * start samba > * net rpc join -S PDC_NAME -w DOMAIN -U user_with_perms > * restart samba > * change /etc/nsswitch.conf > * samba tests > + wbinfo -u /-g /-t > > * compile and install squid > + --prefix=/usr/local/squid-x.xx-yyy --enable-carp --enable-delay-pools > --enable-kill-parent-hack --enable-ssl --enable-auth="ntlm,basic" > --enable-external-acl-helpers="wbinfo_group" > > * squid + winbind tests > + ntlm_auth --helper-protocol=squid-2.5-basic -> user password OK > > Everything is ok, it should be working. I then restart samba, and start > squid, and when configuring a client browser (IE, Firefox,...) it > returns the following: > > [2005/02/16 15:46:06, 2] > nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(429) > winbindd_pam_auth_crap: non-privileged access denied. ! > winbindd_pam_auth_crap: Ensure permissions > on /usr/local/samba-3.0.10/var/locks/winbindd_privileged are set > correctly. > [2005/02/16 15:46:06, 2] > nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(642) > NTLM CRAP authentication for user [(null)]\[(null)] returned > NT_STATUS_ACCESS_DENIED (PAM: 4) > > > Squid is running as nobody.nogroup, but I've got this conf on other > proxies and never had any problem. I've been to #squid and #samba @ > freenode.net but no one ever gave me a good tip about this, so I'm > really cracking my head up. > > > Thanks in advance, > Paulo Pires >
