Search squid archive

Re: Problem with Winbind

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



André Marques wrote:

Hi Roman!

Your hint helped me to solve one problem: the kernel
error messages... changing the SE Linux config to
permissive, made those error messages disappear. Thank
you!

Other thing i found out was that the problem i had was
caused by an update on domain controllers. That was
the Update Rollup 1 for MS Windows 2003 servers, if
i'm not mistaken... has anybody noticed this kind of
problem or any other like that? The removal of this
update made the errors stop.

I also use Windows 2003 Servers with the mentioned patches without problems... mainly on CentOS with samba-common-3.0.14a-2 patchlevel! Be sure to have the latest krb5 packages for your distrubition also...

By the way, now other error is happening. my wbinfo is
bringing some crap when getting the users and groups.
Instead of bringing USER and GROUP only, it brings
DOMAIN_NAMErUSER and DOMAIN_NAMErGROUP, causing
malfunction on wbinfo when checking the groups.

If you only use 1 domain, then enable winbind use default domain in your samba config, then the domain fields shouldn't be there!

Any query about users and groups by wbinfo program
shows these wrong informations. I have even tried to
put the same wbinfo that works well on other server,
replacing the bad one, but nothing changed. Is there
any way to verify why is it happening?

Again, any help would be very appreciated... thanks to
anyone!


André



--- Roman Rathler <squidlist@xxxxxxxxxxxxxx> escreveu:

Have you set your SElinux state to enforcing? this
could cause the kernel to not allow squid to access winbind!
check with setenforce permissive if the problem
persists!

cheers

André Marques wrote:

Hello to all! :)

I'm experiencing some troubles on one of my
enterprise
proxy servers, which runs Squid 2.5 STABLE10. It
was
working very well, but suddenly started to log
these
kind of messages the "messages" log file:

Jul 26 11:28:05 server1 logger: Script:Got user1
GROUP1 from squid
Jul 26 11:28:05 server1 winbindd[31811]:
[2005/07/26
11:28:05, 0] lib/util_sid.c:string_to_sid(301) Jul 26 11:28:05 server1 winbindd[31811]: string_to_sid: Sid Could not lookup name GRUPO1
does
not start with 'S-'. Jul 26 11:28:05 server1 logger: Script:User:
-USER1-
Group: -GRUPO1- SID:   -Could not lookup name
GRUPO1-
GID:   -Could not convert sid Could not lookup name
GRUPO1 to gid-
Jul 26 11:28:05 server1 logger: Script:Sending ERR
to
squid
Jul 26 11:28:45 server1 kernel:
audit(1122388125.215:0): avc:  denied  { search }
for
pid=517 exe=/usr/bin/perl
scontext=root:system_r:httpd_sys_script_t
tcontext=system_u:object_r:sysctl_kernel_t
tclass=dir
Jul 26 11:28:45 server1 kernel:
audit(1122388125.215:0): avc:  denied  { search }
for
pid=517 exe=/usr/bin/perl name=sys dev=proc
ino=-268435431
scontext=root:system_r:httpd_sys_script_t
tcontext=system_u:object_r:sysctl_t tclass=dir

These messages vary on its appearance, but they're
often like those i put above.

It seems that it tries to search for an USER1 on
AD,
through wbinfo, but doesn't find it, even existing
this user. The result for "wbinfo -t" is ok, but
when
i try to get wbinfo -n "USER1", it shows this error
message:

Could not lookup name USER1

I think that the fact of it doesn't convert the SID
for the user is generating the errors on the
"messages" log file, but on "smb.conf" file, the
password server is listed ok and nothing has
changed
on this file recently. These error are causing
instability on the proxy server, making it ask for
a
password sometimes or even not permitting the
access
to some users.

So, i would be grateful for any help you can give
me
for i can fix it. I'm working with Fedora Core 3,
Samba and Winbind Version 3.0.10-1.fc3.

I'll be available for any further information you
may
need. Thanks!


André







	
	
		
_______________________________________________________

Yahoo! Acesso Grátis - Internet rápida e grátis. Instale o discador agora!
http://br.acesso.yahoo.com/





__________________________________________________
Converse com seus amigos em tempo real com o Yahoo! Messenger http://br.download.yahoo.com/messenger/


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux