Re: [squid-users] Using wb_group from Samba 3.0 with squid 2.5

From: Daniel Palmer <DanielPalmer@dont-contact.us>
Date: Wed, 8 Oct 2003 15:16:16 +1000

Have you tried it with a user who is not in as many groups?

> Oct 2 16:08:38 urd winbindd[1809]: process_loop: Invalid request
size

I had the problem with invalid request size when trying to join a
computer to the domain with a user in too many groups.. *apparently*
(and I could be completely wrong), the MIT version of KRB5 doesn't
currently fall back to TCP when groups are too large for the UDP
packet.. (or was it the other way round?)

Just something to test...

Daniel Palmer
IT Managers.net - The Support Group
http://itmanagers.net

-----Original Message-----
From: Nerijus Baliunas [mailto:nerijus@users.sourceforge.net]
Sent: Wednesday, 8 October 2003 2:41 AM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Using wb_group from Samba 3.0 with squid 2.5

Hello,

> try testing the helper from console
> /your/path/to/wb_group -d
>
> then
> DOMAIN\\USERNAME GROUP

Tried it:

# /usr/lib/squid/wb_group -d
/wb_group[25479](wb_check_group.c:322): External ACL winbindd group
helper build Sep 22 2003, 18:38:39 starting up... lspi\\test "Domain
Users"
/wb_group[25479](wb_check_group.c:343): Got 'lspi\\test "Domain Users"'
from Squid (length: 25).
/wb_group[25479](wb_check_group.c:231): Warning: Can't enum user groups.
ERR

# wbinfo -g
Domain Admins
Domain Users
...

# ls -ld /var/cache/samba/winbindd_privileged/
drwxr-x--- 2 root squid 4096 Oct 7 19:19
/var/cache/samba/winbindd_privileged/

winbindd.log:
[2003/10/07 19:19:12, 0] nsswitch/winbindd.c:process_loop(716)
  process_loop: Invalid request size from pid 25479: 1304 bytes sent,
should be 1568

What could be the problem?

> be sure not to change separator in smb.conf
> squid group auth won't work with anything else than \\

winbind separator is commented out in smb.conf, so it should
be the default.

samba 3.0, squid 2.5.STABLE3.

Regards,
Nerijus
Received on Tue Oct 07 2003 - 23:16:22 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:26 MST