On 30/11/2015 5:44 p.m., Marcio Demetrio Bacci wrote:
> Hi,
>
> I have the following problem with squid3 (3.1) on samba4:
>
> In /var/log/squid3/cache.log this information appears:
>
> 2015/11/29 23:53:53| storeLateRelease: released 0 objects
> failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND

This is not a problem with Squid. This is a problem with the client delivering credentials for a DOMAIN which is not one of yours.

> Could not lookup name domain^users

Apparently they are logging in with credentials such as "domain^users/Bob" instead of "EMPRESA/Bob".

> failed to call wbcStringToSid: WBC_ERR_INVALID_PARAM
> Could not convert sid to gid

Which in turn means that they cannot be a member of any group within your DC's domain/realm.

>
> The following commands returned "Success"
> wbinfo -g
> wbinfo -u
> wbinfo -i <domainuser>
> getent passwd
> kinit user@DOMAIN
> klist -l
> hostname -f
> hostname -d
> hostname -s
> net ads testjoin
> ntlm_auth --help-protocol=squid-2.5-basic --domain=empresa --username=domain-user

You appear to be setting up for Kerberos authentication. Then using Basic authentication with the Samba helper.

>
> Here is my *smb.conf*
>
> [global]
> netbios name = DC1
> workgroup = EMPRESA
> security = ads
> realm = EMPRESA.COM
> encrypt passwords = yes
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> preferred master = no
> idmap config *:backend = tdb
> idmap config *:range = 1000-3000
> idmap config CMB:backend = ad
> idmap config CMB:schema_mode = rfc2307
> idmap config CMB:range = 10000-9999999
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes

So what is that default domain? Could it be "domain^users" by chance?

> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = yes
>
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
> username map = /etc/samba/user.map
>
>
> Following is the authentication block of my *squid.conf*
>
> ...
> # NTLM
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 20
> auth_param ntlm keep_alive on
>
>
> # BASIC
> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm "WEB PROXY"
> auth_param basic credentialsttl 8 hours
>
> external_acl_type ad_group %LOGIN /usr/lib/squid3/wbinfo_group.pl
> ...
>
> My *krb5.conf*
>
> #KERBEROS
>

Negotiate authentication is not configured in your squid.conf. Kerberos details are irrelevant.

Amos
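
The check applied to the quoted squid.conf in the reply above, as an added example (not code from the thread or from the Squid project): list which `auth_param` schemes have a helper program and flag a missing Negotiate scheme. The sample config is constructed from the lines quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: the auth block as quoted in the thread, not the poster's full file.
SAMPLE_SQUID_CONF = """\
# NTLM
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param ntlm keep_alive on
# BASIC
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm "WEB PROXY"
auth_param basic credentialsttl 8 hours
external_acl_type ad_group %LOGIN /usr/lib/squid3/wbinfo_group.pl
"""

PROGRAM_LINE = re.compile(r"auth_param\s+(\S+)\s+program\s+(.+)")


def configured_schemes(conf_text):
    """Return {scheme: helper command line} for every 'auth_param <scheme> program' line."""
    schemes = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        match = PROGRAM_LINE.match(line)
        if match:
            schemes[match.group(1).lower()] = match.group(2).strip()
    return schemes


def review(conf_text, expect_kerberos=True):
    """Return findings for a site that has prepared Kerberos (keytab, krb5.conf)."""
    schemes = configured_schemes(conf_text)
    findings = []
    if expect_kerberos and "negotiate" not in schemes:
        findings.append("negotiate: no helper program configured, so the "
                        "Kerberos keytab and krb5.conf are never used by Squid")
    for scheme, helper in sorted(schemes.items()):
        if "ntlm_auth" in helper.split()[0]:
            findings.append(f"{scheme}: handled by the Samba ntlm_auth helper")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_SQUID_CONF):
        print(finding)
```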