[squid-users] Re: wb_group & 2k domain

From: Federico Lombardo <egopfe@dont-contact.us>
Date: Thu, 10 Apr 2003 10:30:27 +0200

Alex no prob, but i think is a Samba-Winbindd related problem.

I paste my smb.conf and after my squid.conf

for first you must compile samba
with: --with-winbind --with-winbind-auth-challenge options.

Plase note that I've create a Machine account into the domain using
smbpasswd -j DOMAIN -u User-Able-To-Create-Account

Have you compiled squid 2.5 stable2
using --with-samba-source=/path/to/the/samba/source/that/you/are/using
Is important that you compile squid with the samba' source that you are
using in production!!!!

so please use samba-2.2.8a (previus version are vulnerable) and compile
squid with that sources.
After that control with wbinfo that you are able to read user and groups
from the domain

Note that I've written a stupid tutorial avaiable:
https://www.connectionreset.it/homepage/documenti/squidntdomainauth.txt

NOTE: you must put IT-TEST\\ashort Domain with DOUBLE SLASH testing
wb_group -d!!!!!! :-)

my smb.conf:

;*******************section global*****************
[global]
        password server = MASTER BDC
        ; insert correct entries into /etc/hosts to solve that names or use:
        ;password server = *
        wins server = 192.168.5.1 192.168.0.1
        dns proxy = no
        update encrypted = Yes
        security = domain
; security = share
        encrypt passwords = Yes
        workgroup = MyDomain
        local master = yes
        socket options = TCP_NODELAY
        log file = /dev/tty10
        netbios name = Squid
        load printers = no
        max log size = 50
        preferred master = no
;*********** winbindd **********
; winbind separator = \
        template homedir = /home/%D/%U
        template shell = /bin/bash
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes

;*******************section public*****************
[public]
....
...
....

BEst Regards,

Federico :-)

----- Original Message -----
From: "Alex Short" <alex@short.net>
To: <egopfe@hotmail.com>
Sent: Wednesday, April 09, 2003 11:55 PM
Subject: wb_group & 2k domain

> Federico,
>
> Can you send me the snippet of your squid.conf that you invoke wb_group?
> I've currently got setup proxy servers using wb_group against an NT PDC,
> but they are moving to a 2k AD PDC--when i try wb_group, it doesn't return
> the right information to squid. When i try wb_info -d (debug) then do
> DOMAIN\\user Group
>
> I get this returned:
>
> ./wb_group -d
> /wb_group[8426](wb_check_group.c:266): External ACL winbindd group helper
> build Apr 9 2003, 16:56:51 starting up...
> IT-TEST\ashort Domain
> /wb_group[8426](wb_check_group.c:286): Got 'IT-TEST\ashort Domain' from
> Squid (length: 21).
> ERR
>
>
>
> Any ideas?
>
>
Received on Thu Apr 10 2003 - 02:42:47 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:54 MST