Hi,
I have the following problem with squid3 (3.1) on samba4:
The following messages appear in /var/log/squid3/cache.log:
2015/11/29 23:53:53| storeLateRelease: released 0 objects
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name domain^users
failed to call wbcStringToSid: WBC_ERR_INVALID_PARAM
Could not convert sid to gid
The following commands returned "Success":
wbinfo -g
wbinfo -u
wbinfo -i <domainuser>
getent passwd
kinit user@DOMAIN
klist -l
hostname -f
hostname -d
hostname -s
net ads testjoin
ntlm_auth --helper-protocol=squid-2.5-basic --domain=empresa --username=domain-user
Here is my smb.conf
# [global] section of smb.conf as posted. security = ads together with
# realm = EMPRESA.COM configures Samba as a member of an Active Directory realm.
[global]
# NOTE(review): DC1 is also the first KDC host named in the krb5.conf on this
# page, while security = ads is a domain-member setting. Confirm whether this
# host is the domain controller itself or a member whose name clashes with it.
netbios name = DC1
workgroup = EMPRESA
security = ads
realm = EMPRESA.COM
encrypt passwords = yes
# The keytab holds long-term Kerberos keys for this machine account; keep it
# readable only by root and by the services that must use it.
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
preferred master = no
# Default idmap backend for every domain without its own "idmap config" lines.
# NOTE(review): the range starts at 1000, where many distributions allocate
# local accounts; verify it cannot overlap local UIDs/GIDs, since an overlap
# lets a domain identity and a local identity share file ownership.
idmap config *:backend = tdb
idmap config *:range = 1000-3000
# NOTE(review): the ad/rfc2307 backend is configured for a domain named CMB,
# but workgroup above is EMPRESA. As written, EMPRESA users and groups would be
# mapped by the default tdb backend rather than from AD attributes. Confirm the
# domain name (it may be a leftover from anonymising the post); a mismatch here
# is worth checking against the "Could not convert sid to gid" message.
idmap config CMB:backend = ad
idmap config CMB:schema_mode = rfc2307
idmap config CMB:range = 10000-9999999
winbind nss info = rfc2307
# NOTE(review): the Samba parameter is spelled "winbind trusted domains only";
# the underscores look like e-mail emphasis markup. Confirm the real file.
winbind trusted domains _only_ = no
# With the default domain enabled, names without a DOMAIN prefix are resolved
# in the domain this host is joined to.
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
# The map file rewrites client-supplied user names to Unix names, so it should
# be writable by root only.
username map = /etc/samba/user.map
The following is the authentication block of my squid.conf:
...
# Authentication section of squid.conf as posted (surrounding lines elided by
# the author). Both schemes hand credentials to Samba's ntlm_auth helper.
# NTLM
# NOTE(review): NTLM is a legacy challenge/response scheme; where the clients
# support it, Negotiate/Kerberos is the usual stronger choice. The krb5.conf on
# this page suggests Kerberos is already working on this host.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param ntlm keep_alive on
# BASIC
# Basic sends the domain password base64-encoded (not encrypted) with every
# request, so it is readable on the network path between browser and proxy
# unless that connection is itself protected.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm "WEB PROXY"
# Squid treats a validated username:password pair as valid for this long
# without asking the helper again, so a disabled account or changed password
# may keep working at the proxy until the cached entry expires.
auth_param basic credentialsttl 8 hours
# External ACL helper that is given the authenticated user name (%LOGIN).
# NOTE(review): presumably this helper calls wbinfo and is the source of the
# wbcLookupName / "Could not convert sid to gid" lines in the cache.log
# excerpt; the acl line that passes it a group name is not shown here.
external_acl_type ad_group %LOGIN /usr/lib/squid3/wbinfo_group.pl
...
My krb5.conf
#KERBEROS
# krb5.conf as posted: Kerberos client settings for realm EMPRESA.COM.
[libdefaults]
default_realm = EMPRESA.COM
# DNS discovery is off for both KDCs and realms, so only the hosts and
# mappings written in this file are used.
dns_lookup_kdc = false
dns_lookup_realm = false
ticket_lifetime = 24h
[realms]
EMPRESA.COM = {
kdc = DC1.EMPRESA.COM:88
kdc = DC2.EMPRESA.COM:88
# NOTE(review): 464 is the kpasswd (password change) port; kadmin normally
# listens on 749 and Active Directory does not offer it. Confirm the intent.
admin_server = DC1.EMPRESA.COM:464
default_domain = EMPRESA.COM
}
# Host/domain to realm mapping: a leading dot matches every host under the
# domain, an entry without a dot matches that exact host name only.
[domain_realm]
.empresa.com = EMPRESA.COM
empresa.com = EMPRESA.COM
empresa = EMPRESA.COM
# NOTE(review): krb4_* are Kerberos 4 compatibility options; current Kerberos
# libraries have presumably dropped krb4 support, so verify whether they still
# have any effect.
[login]
krb4_convert = true
krb4_get_tickets = false
Does anyone have any idea?
Regards,