Hi Roman! Your hint helped me to solve one problem: the kernel error messages... changing the SE Linux config to permissive, made those error messages disappear. Thank you! Other thing i found out was that the problem i had was caused by an update on domain controllers. That was the Update Rollup 1 for MS Windows 2003 servers, if i'm not mistaken... has anybody noticed this kind of problem or any other like that? The removal of this update made the errors stop. By the way, now other error is happening. my wbinfo is bringing some crap when getting the users and groups. Instead of bringing USER and GROUP only, it brings DOMAIN_NAMErUSER and DOMAIN_NAMErGROUP, causing malfunction on wbinfo when checking the groups. Any query about users and groups by wbinfo program shows these wrong informations. I have even tried to put the same wbinfo that works well on other server, replacing the bad one, but nothing changed. Is there any way to verify why is it happening? Again, any help would be very appreciated... thanks to anyone! André --- Roman Rathler <squidlist@xxxxxxxxxxxxxx> escreveu: > Have you set your SElinux state to enforcing? this > could cause the > kernel to not allow squid to access winbind! > check with setenforce permissive if the problem > persists! > > cheers > > André Marques wrote: > > >Hello to all! :) > > > >I'm experiencing some troubles on one of my > enterprise > >proxy servers, which runs Squid 2.5 STABLE10. It > was > >working very well, but suddenly started to log > these > >kind of messages the "messages" log file: > > > >Jul 26 11:28:05 server1 logger: Script:Got user1 > >GROUP1 from squid > >Jul 26 11:28:05 server1 winbindd[31811]: > [2005/07/26 > >11:28:05, 0] lib/util_sid.c:string_to_sid(301) > >Jul 26 11:28:05 server1 winbindd[31811]: > >string_to_sid: Sid Could not lookup name GRUPO1 > does > >not start with 'S-'. > >Jul 26 11:28:05 server1 logger: Script:User: > -USER1- > >Group: -GRUPO1- SID: -Could not lookup name > GRUPO1- > >GID: -Could not convert sid Could not lookup name > >GRUPO1 to gid- > >Jul 26 11:28:05 server1 logger: Script:Sending ERR > to > >squid > >Jul 26 11:28:45 server1 kernel: > >audit(1122388125.215:0): avc: denied { search } > for > >pid=517 exe=/usr/bin/perl > >scontext=root:system_r:httpd_sys_script_t > >tcontext=system_u:object_r:sysctl_kernel_t > tclass=dir > >Jul 26 11:28:45 server1 kernel: > >audit(1122388125.215:0): avc: denied { search } > for > >pid=517 exe=/usr/bin/perl name=sys dev=proc > >ino=-268435431 > >scontext=root:system_r:httpd_sys_script_t > >tcontext=system_u:object_r:sysctl_t tclass=dir > > > >These messages vary on its appearance, but they're > >often like those i put above. > > > >It seems that it tries to search for an USER1 on > AD, > >through wbinfo, but doesn't find it, even existing > >this user. The result for "wbinfo -t" is ok, but > when > >i try to get wbinfo -n "USER1", it shows this error > >message: > > > >Could not lookup name USER1 > > > >I think that the fact of it doesn't convert the SID > >for the user is generating the errors on the > >"messages" log file, but on "smb.conf" file, the > >password server is listed ok and nothing has > changed > >on this file recently. These error are causing > >instability on the proxy server, making it ask for > a > >password sometimes or even not permitting the > access > >to some users. > > > >So, i would be grateful for any help you can give > me > >for i can fix it. I'm working with Fedora Core 3, > >Samba and Winbind Version 3.0.10-1.fc3. > > > >I'll be available for any further information you > may > >need. Thanks! > > > > > >André > > > > > > > > > > > > > > > > > > > > > >_______________________________________________________ > > >Yahoo! Acesso Grátis - Internet rápida e grátis. > >Instale o discador agora! > http://br.acesso.yahoo.com/ > > > > > > __________________________________________________ Converse com seus amigos em tempo real com o Yahoo! Messenger http://br.download.yahoo.com/messenger/