Re: Problem with Winbind

[Roman Rathler <squidlist@xxxxxxxxxxxxxx>]

André Marques wrote:

> Hi Roman!
>
> Your hint helped me to solve one problem: the kernel
> error messages... changing the SE Linux config to
> permissive, made those error messages disappear. Thank
> you!
>
> Other thing i found out was that the problem i had was
> caused by an update on domain controllers. That was
> the Update Rollup 1 for MS Windows 2003 servers, if
> i'm not mistaken... has anybody noticed this kind of
> problem or any other like that? The removal of this
> update made the errors stop.
>
>  
I also use Windows 2003 Servers with the mentioned patches without 
problems... mainly on CentOS with samba-common-3.0.14a-2 patchlevel! Be 
sure to have the latest krb5 packages for your distrubition also...

> By the way, now other error is happening. my wbinfo is
> bringing some crap when getting the users and groups.
> Instead of bringing USER and GROUP only, it brings
> DOMAIN_NAMErUSER and DOMAIN_NAMErGROUP, causing
> malfunction on wbinfo when checking the groups.
>
>  
If you only use 1 domain, then enable winbind use default domain in your 
samba config, then the domain fields shouldn't be there!

> Any query about users and groups by wbinfo program
> shows these wrong informations. I have even tried to
> put the same wbinfo that works well on other server,
> replacing the bad one, but nothing changed. Is there
> any way to verify why is it happening?
>
> Again, any help would be very appreciated... thanks to
> anyone!
>
>
> André
>
>
>
> --- Roman Rathler <squidlist@xxxxxxxxxxxxxx> escreveu:
>
>  
>
> > Have you set your SElinux state to enforcing? this
> > could cause the 
> > kernel to not allow squid to access winbind!
> > check with setenforce permissive if the problem
> > persists!
> >
> > cheers
> >
> > André Marques wrote:
> >
> >    
> >
> > > Hello to all! :)
> > >
> > > I'm experiencing some troubles on one of my
> > >      
> > enterprise
> >    
> >
> > > proxy servers, which runs Squid 2.5 STABLE10. It
> > >      
> > was
> >    
> >
> > > working very well, but suddenly started to log
> > >      
> > these
> >    
> >
> > > kind of messages the "messages" log file:
> > >
> > > Jul 26 11:28:05 server1 logger: Script:Got user1
> > > GROUP1 from squid
> > > Jul 26 11:28:05 server1 winbindd[31811]:
> > >      
> > [2005/07/26
> >    
> >
> > > 11:28:05, 0] lib/util_sid.c:string_to_sid(301) 
> > > Jul 26 11:28:05 server1 winbindd[31811]:  
> > > string_to_sid: Sid Could not lookup name GRUPO1
> > >      
> > does
> >    
> >
> > > not start with 'S-'. 
> > > Jul 26 11:28:05 server1 logger: Script:User: 
> > >      
> > -USER1-
> >    
> >
> > > Group: -GRUPO1- SID:   -Could not lookup name
> > >      
> > GRUPO1-
> >    
> >
> > > GID:   -Could not convert sid Could not lookup name
> > > GRUPO1 to gid-
> > > Jul 26 11:28:05 server1 logger: Script:Sending ERR
> > >      
> > to
> >    
> >
> > > squid
> > > Jul 26 11:28:45 server1 kernel:
> > > audit(1122388125.215:0): avc:  denied  { search }
> > >      
> > for 
> >    
> >
> > > pid=517 exe=/usr/bin/perl
> > > scontext=root:system_r:httpd_sys_script_t
> > > tcontext=system_u:object_r:sysctl_kernel_t
> > >      
> > tclass=dir
> >    
> >
> > > Jul 26 11:28:45 server1 kernel:
> > > audit(1122388125.215:0): avc:  denied  { search }
> > >      
> > for 
> >    
> >
> > > pid=517 exe=/usr/bin/perl name=sys dev=proc
> > > ino=-268435431
> > > scontext=root:system_r:httpd_sys_script_t
> > > tcontext=system_u:object_r:sysctl_t tclass=dir
> > >
> > > These messages vary on its appearance, but they're
> > > often like those i put above.
> > >
> > > It seems that it tries to search for an USER1 on
> > >      
> > AD,
> >    
> >
> > > through wbinfo, but doesn't find it, even existing
> > > this user. The result for "wbinfo -t" is ok, but
> > >      
> > when
> >    
> >
> > > i try to get wbinfo -n "USER1", it shows this error
> > > message:
> > >
> > > Could not lookup name USER1
> > >
> > > I think that the fact of it doesn't convert the SID
> > > for the user is generating the errors on the
> > > "messages" log file, but on "smb.conf" file, the
> > > password server is listed ok and nothing has
> > >      
> > changed
> >    
> >
> > > on this file recently. These error are causing
> > > instability on the proxy server, making it ask for
> > >      
> > a
> >    
> >
> > > password sometimes or even not permitting the
> > >      
> > access
> >    
> >
> > > to some users.
> > >
> > > So, i would be grateful for any help you can give
> > >      
> > me
> >    
> >
> > > for i can fix it. I'm working with Fedora Core 3,
> > > Samba and Winbind Version 3.0.10-1.fc3.
> > >
> > > I'll be available for any further information you
> > >      
> > may
> >    
> >
> > > need. Thanks!
> > >
> > >
> > > André
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > 	
> > > 	
> > > 		
> > >      
> > _______________________________________________________
> >
> >    
> >
> > > Yahoo! Acesso Grátis - Internet rápida e grátis. 
> > > Instale o discador agora!
> > >      
> > http://br.acesso.yahoo.com/
> >    
> >
> > >      
> >    
>
>
>
> __________________________________________________
> Converse com seus amigos em tempo real com o Yahoo! Messenger 
> http://br.download.yahoo.com/messenger/ 
>