Hi,

After I reboot the server, none of the wbinfo commands work; it says access is denied. It worked after I again joined the machine to the domain using the net join command.

How do I solve this?

Avinash

On Tue, Aug 18, 2009 at 9:48 AM, Avinash Rao<avinash.aol@xxxxxxxxx> wrote:
> Hi,
>
> I am able to test wbinfo -a mydomain\\myuser%mypasswd, the output is
> as expected.
> But, the helpers testing didn't give proper results.
>
> /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> mydomain\user password
> Doesn't return anything.. if I pressed enter key, I see ERR
>
> Thanks
> Avinash
>
> On Mon, Aug 17, 2009 at 9:07 PM, Avinash Rao<avinash.aol@xxxxxxxxx> wrote:
>> Chris,
>>
>> Please don't get bugged, wbinfo -g is working now ..
>> wbinfo -g
>> BUILTIN\administrators
>> BUILTIN\users
>>
>> and even wbinfo -t
>>
>> wbinfo -t
>> checking the trust secret via RPC calls succeeded
>>
>> but it didn't give the output "the secret is good". I have no idea how
>> this is working all of a sudden, it didn't work a little while ago!
>>
>> Regards,
>> Avinash
>>
>> On Mon, Aug 17, 2009 at 8:58 PM, Avinash Rao<avinash.aol@xxxxxxxxx> wrote:
>>> Yes, Squid and Samba(PDC) are running on the same server.
>>>
>>> wbinfo -g won't work as I have not created any of the NT Domain Groups
>>> is that necessary? Coz, I have a very simple samba configuration.
>>>
>>> I went through the link and made changes to nsswitch conf.
>>>
>>> wbinfo -set-auth-user=Administrator%'password'
>>> Could not lookup sid Administrator%password
>>>
>>> But, I could join the domain, I just entered net join and entered the
>>> current user's password and it said joined the domain!
>>> wbinfo -u
>>> Error looking up domain users
>>>
>>> Thanks again
>>> Avinash
>>>
>>> On Mon, Aug 17, 2009 at 8:29 PM, Chris Boczko<Christopher.Boczko@xxxxxxxxxxxxx> wrote:
>>>> Right ok,
>>>>
>>>> So squid is running samba (as a pdc) and squid as a cache?
>>>>
>>>> Can you try running wbinfo -g, and if that doesn't work, try running wbinfo --set-auth-user=Administrator%'YourPassword' (see: http://www.debian-administration.org/article/Question_Winbind_on_samba_PDC), then run wbinfo -g again
>>>>
>>>> Kind Regards,
>>>> Christopher Boczko
>>>> Server Support Analyst - IT Shared Services
>>>> HomeServe
>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>
>>>> DDI: 01482 677272
>>>> Mob: 07967 059241
>>>>
>>>> www.homeserve.com
>>>> www.chemdry.co.uk
>>>>
>>>> -----Original Message-----
>>>> From: Avinash Rao [mailto:avinash.aol@xxxxxxxxx]
>>>> Sent: 17 August 2009 15:56
>>>> To: Chris Boczko
>>>> Subject: Re: Need help in integrating squid and samba
>>>>
>>>> Yes, it's on the squid server and it's a PDC and the passwd backend is tdbsam
>>>>
>>>> On Mon, Aug 17, 2009 at 8:22 PM, Chris Boczko<Christopher.Boczko@xxxxxxxxxxxxx> wrote:
>>>>> This is on the squid server?
>>>>>
>>>>> It's trying to be a pdc
>>>>>
>>>>> domain logons = yes
>>>>> os level = 65
>>>>> prefered master = yes
>>>>> domain master = yes
>>>>> local master = yes
>>>>>
>>>>> Kind Regards,
>>>>> Christopher Boczko
>>>>> Server Support Analyst - IT Shared Services
>>>>> HomeServe
>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>>
>>>>> DDI: 01482 677272
>>>>> Mob: 07967 059241
>>>>>
>>>>> www.homeserve.com
>>>>> www.chemdry.co.uk
>>>>>
>>>>> -----Original Message-----
>>>>> From: Avinash Rao [mailto:avinash.aol@xxxxxxxxx]
>>>>> Sent: 17 August 2009 15:51
>>>>> To: Chris Boczko
>>>>> Subject: Re: Need help in integrating squid and samba
>>>>>
>>>>> smb.conf
>>>>>
>>>>> [global]
>>>>> workgroup = abc
>>>>> server string = Samba on SUN
>>>>> max log size = 500
>>>>> log level = 1
>>>>> interfaces = eth2 100.100.100.251
>>>>> bind interfaces only = True
>>>>>
>>>>> log file = /var/log/samba/log.%m
>>>>> max log size = 1000
>>>>>
>>>>> domain logons = yes
>>>>> os level = 65
>>>>> prefered master = yes
>>>>> domain master = yes
>>>>> local master = yes
>>>>>
>>>>> winbind uid = 10000-20000
>>>>> winbind gid = 10000-20000
>>>>> winbind use default domain = yes
>>>>>
>>>>> add machine script = /usr/sbin/useradd -s /bin/false -d /home/nobody %u
>>>>> dns proxy =No
>>>>> hosts allow = 127. 100.100.100.
>>>>> wins support = Yes
>>>>> passdb backend = smbpasswd
>>>>>
>>>>> encrypt passwords = true
>>>>> smb passwd file = /etc/samba/smbpasswd
>>>>> security = user
>>>>> netbios name = sunbox
>>>>> username map = /etc/samba/smbusers
>>>>>
>>>>> [homes]
>>>>> comment = Home Dir
>>>>> read only = NO
>>>>> browseable = NO
>>>>> valid users = %S
>>>>> path = %H
>>>>> directory mask = 0700
>>>>> create mask = 0700
>>>>>
>>>>> [share]
>>>>> comment = test share
>>>>> path = /sambashare
>>>>> valid users = nimda
>>>>> create mask = 0765
>>>>>
>>>>> Cheers
>>>>> Avinash
>>>>>
>>>>> On Mon, Aug 17, 2009 at 8:04 PM, Chris Boczko<Christopher.Boczko@xxxxxxxxxxxxx> wrote:
>>>>>> Ah, makes a little more sense, but I'm afraid my only experience is with windows as an active directory controller and samba linking to that, but I can still take a look at your smb.conf if you would like
>>>>>>
>>>>>> Kind Regards,
>>>>>> Christopher Boczko
>>>>>> Server Support Analyst - IT Shared Services
>>>>>> HomeServe
>>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>>>
>>>>>> DDI: 01482 677272
>>>>>> Mob: 07967 059241
>>>>>>
>>>>>> www.homeserve.com
>>>>>> www.chemdry.co.uk
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Avinash Rao [mailto:avinash.aol@xxxxxxxxx]
>>>>>> Sent: 17 August 2009 15:30
>>>>>> To: Chris Boczko
>>>>>> Cc: squid-users@xxxxxxxxxxxxxxx
>>>>>> Subject: Re: Need help in integrating squid and samba
>>>>>>
>>>>>> Dear Christopher,
>>>>>>
>>>>>> Thank you for your reply.
>>>>>>
>>>>>> I am not using Active Directory, I am using a samba as a PDC (NT4) and
>>>>>> it's a simple configuration. All clients are WinXP and they login to
>>>>>> the domain and I just want to control their access to internet that is
>>>>>> all.
>>>>>>
>>>>>> And there is no other Windows NT domain machine in my network, it's
>>>>>> just this ubuntu server running squid and samba!
>>>>>>
>>>>>> If I am right? wbinfo -t will not work coz, I don't have a windows NT
>>>>>> domain machine and no trust exists. But, how do I control, restrict or
>>>>>> allow internet access for samba domain users through squid?
>>>>>>
>>>>>> Many Thanks
>>>>>> Avinash
>>>>>>
>>>>>> On Mon, Aug 17, 2009 at 7:50 PM, Chris Boczko<Christopher.Boczko@xxxxxxxxxxxxx> wrote:
>>>>>>> Yes,
>>>>>>>
>>>>>>> If you are using active directory 2000/2003/2008, you'll need to configure krb5 first
>>>>>>>
>>>>>>> Please see http://ubuntuforums.org/showthread.php?t=91510 , but you only need to follow steps 1-3, then 7-9
>>>>>>>
>>>>>>> Then run
>>>>>>>
>>>>>>> Wbinfo -t to check the trust and
>>>>>>> Wbinfo -g to list groups
>>>>>>>
>>>>>>> Kind Regards,
>>>>>>> Christopher Boczko
>>>>>>> Server Support Analyst - IT Shared Services
>>>>>>> HomeServe
>>>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>>>>
>>>>>>> DDI: 01482 677272
>>>>>>> Mob: 07967 059241
>>>>>>>
>>>>>>> www.homeserve.com
>>>>>>> www.chemdry.co.uk
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Avinash Rao [mailto:avinash.aol@xxxxxxxxx]
>>>>>>> Sent: 17 August 2009 14:57
>>>>>>> To: Chris Boczko
>>>>>>> Subject: Re: Need help in integrating squid and samba
>>>>>>>
>>>>>>> root@sunbox: net join -U user
>>>>>>> Password:
>>>>>>> Creation of workstation account failed
>>>>>>> Unable to join domain abc
>>>>>>>
>>>>>>> user@sunbox:/usr/lib/squid$ net join -U user1
>>>>>>> [2009/08/17 19:24:05, 0] passdb/secrets.c:secrets_init(66)
>>>>>>> Failed to open /var/lib/samba/secrets.tdb
>>>>>>> [2009/08/17 19:24:05, 0] utils/net_rpc.c:rpc_oldjoin_internals(309)
>>>>>>> error storing domain sid for abc
>>>>>>>
>>>>>>> No, I haven't configured krb5. Do we need all this just to control
>>>>>>> internet access for samba domain users?
>>>>>>>
>>>>>>> Avinash
>>>>>>>
>>>>>>> On Mon, Aug 17, 2009 at 7:19 PM, Chris Boczko<Christopher.Boczko@xxxxxxxxxxxxx> wrote:
>>>>>>>> Have you run net join on the squid server (from the command line), and have you configured krb5?
>>>>>>>>
>>>>>>>> Does kinit (user)@(domain).(domain) work?
>>>>>>>>
>>>>>>>> Kind Regards,
>>>>>>>> Christopher Boczko
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: Avinash Rao [mailto:avinash.aol@xxxxxxxxx]
>>>>>>>> Sent: 17 August 2009 14:47
>>>>>>>> To: Chris Boczko
>>>>>>>> Subject: Re: Need help in integrating squid and samba
>>>>>>>>
>>>>>>>> Samba Version:
>>>>>>>>
>>>>>>>> dpkg -l | grep samba
>>>>>>>> ii samba 3.0.28a-1ubuntu4.8 a LanManager-like file and printer server fo
>>>>>>>> ii samba-common 3.0.28a-1ubuntu4.8 Samba common files used by both the server a
>>>>>>>>
>>>>>>>> Ubuntu 8.04 Server 64-bit.
>>>>>>>>
>>>>>>>> Net Join? You mean from a windows client? I have only winXP clients
>>>>>>>> and they are all configured to login to the domain.
>>>>>>>>
>>>>>>>> Avinash
>>>>>>>>
>>>>>>>> On Mon, Aug 17, 2009 at 7:07 PM, Chris Boczko<Christopher.Boczko@xxxxxxxxxxxxx> wrote:
>>>>>>>>> Have you tried rejoining the domain using
>>>>>>>>>
>>>>>>>>> Net join ?
>>>>>>>>>
>>>>>>>>> Then testing the join with
>>>>>>>>>
>>>>>>>>> Wbinfo -t
>>>>>>>>>
>>>>>>>>> Also, which version of debian / samba / ad are you running?
>>>>>>>>>
>>>>>>>>> Kind Regards,
>>>>>>>>> Christopher Boczko
>>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: Avinash Rao [mailto:avinash.aol@xxxxxxxxx]
>>>>>>>>> Sent: 17 August 2009 14:25
>>>>>>>>> To: squid-users@xxxxxxxxxxxxxxx
>>>>>>>>> Subject: Fwd: Need help in integrating squid and samba
>>>>>>>>>
>>>>>>>>> Thanks for the quick response.
>>>>>>>>> And, yes I will install squid using apt-get install command.
>>>>>>>>> The basic winbindd functionality "wbinfo -t": is not successful
>>>>>>>>>
>>>>>>>>> wbinfo -t
>>>>>>>>> checking the trust secret via RPC calls failed
>>>>>>>>> error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
>>>>>>>>> Could not check secret
>>>>>>>>>
>>>>>>>>> Even, wbinfo -a mydomain\\myuser%mypasswd is unsuccessful
>>>>>>>>>
>>>>>>>>> Wondering how I should proceed without this?
>>>>>>>>>
>>>>>>>>> Avinash
>>>>>>>>>
>>>>>>>>> On Mon, Aug 17, 2009 at 1:15 PM, Amos Jeffries<squid3@xxxxxxxxxxxxx> wrote:
>>>>>>>>>> [re-inserting squid-users mailing list]
>>>>>>>>>>
>>>>>>>>>> Avinash Rao wrote:
>>>>>>>>>>>
>>>>>>>>>>> On Mon, Aug 17, 2009 at 11:30 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx
>>>>>>>>>>> <mailto:squid3@xxxxxxxxxxxxx>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Avinash Rao wrote:
>>>>>>>>>>>
>>>>>>>>>>> Dear all,
>>>>>>>>>>>
>>>>>>>>>>> I am new here and I would like to know the correct procedure for
>>>>>>>>>>> compiling squid to integrate with samba.
>>>>>>>>>>> I am doing this on a Ubuntu 8.04 Server 64-bit edition and I have all
>>>>>>>>>>> the updates installed. In fact, I have installed samba through apt-get
>>>>>>>>>>> install and is configured as a PDC.
>>>>>>>>>>>
>>>>>>>>>>> dpkg -l | grep samba
>>>>>>>>>>> ii samba 3.0.28a-1ubuntu4.8 a LanManager-like file and printer server fo
>>>>>>>>>>> ii samba-common 3.0.28a-1ubuntu4.8 Samba common files used by both the server a
>>>>>>>>>>>
>>>>>>>>>>> I am in need of controlling internet access for samba domain users
>>>>>>>>>>> through squid. I read the documentation and it says Squid must be
>>>>>>>>>>> built with the configure options:
>>>>>>>>>>>
>>>>>>>>>>> --enable-auth="ntlm,basic"
>>>>>>>>>>> --enable-basic-auth-helpers="winbind"
>>>>>>>>>>> --enable-ntlm-auth-helpers="winbind"
>>>>>>>>>>>
>>>>>>>>>>> According to the documentation,
>>>>>>>>>>> --------
>>>>>>>>>>> Samba 3.x
>>>>>>>>>>> ---------
>>>>>>>>>>> Things are much easier under the 3.x versions of Samba. Smbd is no
>>>>>>>>>>> longer required to manage the machine's trust account, and there is
>>>>>>>>>>> no need to patch any utilities.
>>>>>>>>>>> The Samba team has incorporated functionality to change the machine
>>>>>>>>>>> trust account password in the new "net" command. A simple daily cron
>>>>>>>>>>> job scheduling "net rpc changetrustpw" is all that is needed.
>>>>>>>>>>>
>>>>>>>>>>> I went through the squid documentation and the configure options are
>>>>>>>>>>> vast. All I want is normal squid operations but with samba
>>>>>>>>>>> integration. Do I have to specify other options for normal squid
>>>>>>>>>>> operations?? What is the correct procedure and which version of squid
>>>>>>>>>>> suits well for the version of samba I am using? I have used squid but
>>>>>>>>>>> never compiled. My requirement with samba is PDC, winxp clients,
>>>>>>>>>>> users home directories are mapped as they login to the domain, a
>>>>>>>>>>> common share for all users and a printer if needed.
>>>>>>>>>>>
>>>>>>>>>>> Many Thanks,
>>>>>>>>>>> Avinash
>>>>>>>>>>>
>>>>>>>>>>> This covers the NTLM auth via Samba requirements.
>>>>>>>>>>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm
>>>>>>>>>>>
>>>>>>>>>>> This covers the Active Directory (kerberos/negotiate auth)
>>>>>>>>>>> requirements:
>>>>>>>>>>>
>>>>>>>>>>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
>>>>>>>>>>>
>>>>>>>>>>> Amos
>>>>>>>>>>> --
>>>>>>>>>>> Please be using
>>>>>>>>>>> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>>>>>>>>>> Current Beta Squid 3.1.0.13
>>>>>>>>>>>
>>>>>>>>>>> Amos,
>>>>>>>>>>>
>>>>>>>>>>> Thanks for the reply.
>>>>>>>>>>>
>>>>>>>>>>> I read the documentation, and it says, "
>>>>>>>>>>>
>>>>>>>>>>> As Samba-3.x has it's own authentication helper there is no need to build
>>>>>>>>>>> any of the Squid authentication helpers for use with Samba-3.x (and the
>>>>>>>>>>> helpers provided by Squid won't work if you do). You do however need to
>>>>>>>>>>> enable support for the NTLM scheme if you plan on using this. Also you may
>>>>>>>>>>> want to use the wbinfo_group helper for group lookups
>>>>>>>>>>>
>>>>>>>>>>> --enable-auth="ntlm,basic"
>>>>>>>>>>> --enable-external-acl-helpers="wbinfo_group"
>>>>>>>>>>>
>>>>>>>>>>> Does this mean that squid has to be compiled with the above options? I
>>>>>>>>>>> am sorry if this sounds very basic. Also, my requirement, I should be able
>>>>>>>>>>> to restrict few users samba users from accessing the internet through at
>>>>>>>>>>> certain times and not necessary authentication. Will the above options
>>>>>>>>>>> help.
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Avinash
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> The Squid packages available for Ubuntu already have those helpers built-in
>>>>>>>>>> and installed along with the package. All you need is the configuration file
>>>>>>>>>> changes.
>>>>>>>>>>
>>>>>>>>>> If you are building your own Squid from raw source code, you may need to add
>>>>>>>>>> them.
>>>>>>>>>>
>>>>>>>>>> For someone who does not know the very basics I would seriously advise
>>>>>>>>>> staying with the pre-packaged versions of Squid until you know what you are
>>>>>>>>>> doing.
>>>>>>>>>> --> apt-get install squid
>>>>>>>>>>
>>>>>>>>>> Then change the /etc/squid.conf file as needed.
>>>>>>>>>>
>>>>>>>>>> Amos
>>>>>>>>>> --
>>>>>>>>>> Please be using
>>>>>>>>>> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>>>>>>>>> Current Beta Squid 3.1.0.13
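
Added example (not part of the thread, and not Samba or Squid code): a non-interactive form of the helper test quoted above. With --helper-protocol=squid-2.5-basic the helper reads one "user password" line on stdin, both fields URL-escaped, and answers OK or ERR. The function names, the stand-in helper and its credentials are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: feed one credential line to a Squid
# basic-auth helper on stdin and classify its one-line reply.

# Percent-encode every byte outside [A-Za-z0-9._~-], so a space or '%' in a
# field cannot be mistaken for the user/password separator or an escape.
rfc1738_escape() (
    LC_ALL=C
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}
        c=${s%"$rest"}
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# basic_helper_check USER PASSWORD HELPER [ARGS...]
# Returns 0 on "OK", 1 on "ERR", 2 if the helper gave no usable reply.
# The password travels over the pipe, never as a helper argument.
basic_helper_check() {
    bh_user=$(rfc1738_escape "$1")
    bh_pass=$(rfc1738_escape "$2")
    shift 2
    bh_reply=$(printf '%s %s\n' "$bh_user" "$bh_pass" | "$@" | head -n 1)
    case $bh_reply in
        OK*)  return 0 ;;
        ERR*) return 1 ;;
        *)    return 2 ;;
    esac
}

# Constructed stand-in for ntlm_auth so the example runs offline. It accepts
# only the escaped form of user EXAMPLE\alice with password "p w%1".
fake_helper() {
    while IFS= read -r bh_line; do
        case $bh_line in
            'EXAMPLE%5Calice p%20w%251') echo OK ;;
            *) echo ERR ;;
        esac
    done
}

basic_helper_check 'EXAMPLE\alice' 'p w%1' fake_helper && echo "helper replied OK"
# Real helper, path and flag as quoted in the thread:
# basic_helper_check 'mydomain\user' "$PASSWORD" \
#     /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
```

A return value of 2 means the helper produced no reply line at all, which separates a helper that cannot run from one that rejected the credentials.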