-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 16/01/2015 11:51 p.m., Rietzler, Markus (RZF, SG 324 / <RIETZLER_SOFTWARE>) wrote: > tow more additions: > > check the user squid is running, is this user able to access > ntlm_auth. we also had to correct access rights for > > /var/lib/samba/winbindd_privilege > > so that our squid-user "www" will be able to use it... FYI: You should never have to touch the pivileges on the /var/lib/samba/winbindd_privilege directory. In fact if you do Samba will at some point reset them to correct values and Squid access breaks again. What is *required* is that 1) the Squid user account be a member of the Samba winbindd_priv group which has read access to that path and 2) the cache_effective_group parameter is *absent* from squid.conf. Using that directive will remove the group membership permissions required for winbind access. NP: the RHEL official packages for years had a patch which hard-coded a value for cache_effective_group which made it impossible to integrate Squid and Samba winbind in the correct way. A custom built package is required to get around that. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUuQ8bAAoJELJo5wb/XPRj2RMH+wavFBqNPU+as7OysRJjhTtw vWemsV569Lk5hNs2iuW/s7B/jaiE/rIwDUnEhRGCW4imVXtHytjFWBAQoK5re63a lAfB70RJaoyom+Fj89B2TUtLHQ+8bWESzVHdFzmg4sSmh+DCqHWgi5QjJ6DMSyvG OCn4AYwWDvYloPBJCZ2IvOK52Ig5YBzvCCPOsxDFNO4EYZu/Rsmy1M8Fqj0SgFVW zkkqYaSQq5aznjLO2G+UYTGFcFG6Zh/0akELmGBYJsc2vjERLBmvMkFnpAOYPLbh dA0tFI+ei6+M35dU5IKpxIBHknTfY5bH6HgKcMP0zAv7LnLkfDbf2gG2ia4AKEQ= =f3e5 -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
