I found a strange solution:

stop squid & winbind
rm -rf /var/db/samba/winbindd_privileged
start winbind
chown :squid /var/db/samba/winbindd_privileged

And the problem disappeared.

2010/9/1 c0re <nr1c0re@xxxxxxxxx>:
> Hello squid users!
>
> I've got squid+winbind ntlm auth.
> But sometimes I see this in log /var/log/samba/log.winbindd
>
> [2010/09/01 12:39:11, 2] winbindd/winbindd_pam.c:winbindd_pam_auth_crap(1754)
> winbindd_pam_auth_crap: non-privileged access denied. !
> winbindd_pam_auth_crap: Ensure permissions on /var/db/samba/winbindd_privileged are set correctly.
>
> About 1k users.
> Sometimes some users can see a proxy auth window asking for credentials in IE6.
> The user can just press ESC and not enter any credentials, and all goes OK.
> That window means that some ntlm auth problem occurs.
> In the log I see only those messages above about winbindd_privileged.
>
> freebsd 7.3
> squid 3.1.7
> samba-3.3.10
>
> In squid.conf
> no cache_effective_group option configured
> auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 150
>
> Using cachemgr.cgi and looking at "NTLM User Authenticator Stats" I
> see only 32 redirectors have changed "# Request" counters, which means
> that not all 150 redirectors are used, so it's not a redirector problem.
>
> # ls -l /var/db/samba/ | grep winbindd_privileged
> drwxrwx--- 2 root squid 512 Aug 22 13:58 winbindd_privileged
>
> # ls -l /var/db/samba/winbindd_privileged/
> srwxrwxrwx 1 root squid 0 Aug 22 13:58 pipe
>
> What can be wrong? If there were incorrect permissions, no one could auth
> via ntlm, but all users can authorize and walk in internet. I can't
> find why sometimes that auth window appears and why those messages
> about "permissions" appear in the log.
>
> Thanks in advance!
>