Hi,
I keep getting this error when I tryin to authenticate agains a Windows
dominan controller :
=====================================================================
ezorrilla's password:
[2010/06/16 11:32:35, 0] libads/kerberos.c:ads_kinit_password(228)
kerberos_kinit_password ezorrilla@xxxxxxxxxx failed: Client not found in
Kerberos database
Failed to join domain: Improperly formed account name
ADS join did not work, falling back to RPC...
Could not connect to server dfgstrad01.stores.dfg.com
The username or password was not correct.
Could not connect to server dfgstrad01.stores.dfg.com
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
Shutting down Winbind services: [ OK ]
Starting Winbind services: [ OK ]
[root@nmmsquid samba]#
=====================================================================
Do you know what could be the issue here ?.,
Thanks.
----- Original Message -----
From: "Murilo Moreira de Oliveira" <murilo.moreira@xxxxxxxxx>
To: "Edouard Zorrilla" <ezorrilla@xxxxxxxxxx>
Cc: <squid-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, June 15, 2010 7:05 AM
Subject: Re: Join Squid to Windows Domain Controller :
Configuring Squid for NTLM with Winbind Authentication on CentOS 5
Hello. Follow bellow the steps I've used to get NTLM authentication working.
1.# yum -y install authconfig krb5-workstation samba-common
2.[root@proxyweb ~]# authconfig --enableshadow --enablemd5
--passalgo=md5 --krb5kdc=AD_SERVER.YOUR.FULL.DOMAIN
--krb5realm=YOUR.FULL.DOMAIN --smbservers=AD_SERVER.YOUR.FULL.DOMAIN
--smbworkgroup=YOUR_AD_GROUP --enablewinbind --enablewinbindauth
--smbsecurity=ads --smbrealm=YOUR.FULL.DOMAIN
--smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431"
--winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain
--disablewinbindoffline --winbindjoin=SOME_DOMAIN_ADMIN --disablewins
--disablecache --enablelocauthorize --updateall
3.# wbinfo --set-auth-user=YOUR_PROXY_USER%YOUR_PROXY_USER_PASSWORD
This is the user that proxy will use to validate users credentials.
4.# chown root:squid /var/cache/samba/winbindd_privileged
2010/6/14 Edouard Zorrilla <ezorrilla@xxxxxxxxxx>:
Hi Guys,
Did anyone make it works ? :
http://wiki.squid-cache.org/ConfigExamples/Authenticate/NtlmCentOS5
# authconfig --enableshadow --enablemd5 --passalgo=md5
--krb5kdc=ads.example.local \
--krb5realm=EXAMPLE.LOCAL --smbservers=ads.example.local
--smbworkgroup=EXAMPLE \
--enablewinbind --enablewinbindauth --smbsecurity=ads
--smbrealm=EXAMPLE.LOCAL \
--smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431"
--winbindseparator="+" \
--winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain
--disablewinbindoffline \
--winbindjoin=Administrator --disablewins --disablecache
--enablelocauthorize --updateall
I just want to authenticate against a Windows Domain Controller but no
luck
yet, could someone give one advice how can I do that ?. Maybe I am going
through the wrong path, I want to use the NTLM since as far as I have seen
this is best way I can do that.
The error that I get is :
[2010/06/14 16:39:42, 0] libads/kerberos.c:ads_kinit_password(228)
kerberos_kinit_password user@xxxxxxxxxxx failed: Client not found in
Kerberos database
Any help would be greatly appreciated.
Thanks.,
