HI all,
I again fall into the problem which I faced earlier. Sudden pop up
authentication
window. It was completely ok and was running without any hitch for
last 4/5 months.
But last day after a restart of the machine made this happen. I now
can't find out what is the problem
Last time I did a lot of change and modification and something was
there that did worked.
But this restart made things bad.
Now I am gettings this error:
[root@proxy ~]# tail -1000 /usr/local/squid/var/logs/cache.log |grep failed
Login for user [DOMAINNAME]\[ad-username]@[PC-4321] failed due to
[Reading winbind reply failed!]
Login for user [DOMAINNAME]\[ad-username]@[PC-1352] failed due to
[Reading winbind reply failed!]
Login for user [DOMAINNAME]\[ad-username]@[PC-1352] failed due to
[Reading winbind reply failed!]
I am using RHEL4 update 2; 64 bit.
Squid:
Squid Cache: Version 3.0.STABLE9
configure options: '--enable-auth=ntlm,basic' '--with-winbind-auth-challenge'
DG was also configured 2.9.9.8.
Samba and winbind are default with OS which is
samba-common-3.0.10-1.4E.2
samba-common-3.0.10-1.4E.2
samba-client-3.0.10-1.4E.2
samba-3.0.10-1.4E.2
samba.conf
----------
[global]
workgroup = DOMAINNAME
netbios name = proxy
realm = DOMAINNAME.COM
server string = Linux Samba Server
security = ads
encrypt passwords = Yes
password server = 10.10.xx.xx
log file = /usr/local/samba/var/%m.log
max log size = 50
log level = 3
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = False
local master = No
domain master = False
dns proxy = No
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
krb5.conf
---------
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DOMAINNAME.COM
ticket_lifetiime = 600
[realms]
DOMAINNAME.COM = {
kdc = 10.10.xx.xx
kdc = 10.10.xx.xx
kdc = abc.domainname.com
kdc = def.domainname.com
admin_server = abc.domainname.com
default_domain = DOMAINNAME.COM
}
[domain_realm]
.domainname.com = DOMAINNAME.COM
domainname.com = DOMAINNAME.COM
[kdc]
profile = /var/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
nsswitch.conf
-------------
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns wins
networks: files dns
protocols: db files
services: db files
ethers: db files
rpc: db files
wbinfo -u and wbinfo -g works. ntlm_auth --username=ad-username also
works. wbinfo -t also works but takes around 2 minutes to give the
ourput
"checking the trust secret via RPC calls succeeded".
klist also shows the ticket.
Please help with any idea what could be gone wrong. This pop up window
of authentication is a pain. If you click ESC then it gives a page
with cache Access Denied.
But again if you click on Refresh then it works.
