On Tue, 24 Feb 2004, Daniel Meyer wrote:
> Guess i am missing something here.
>
> on my system the pipe has the following permissions:
>
> proxy:/var/locks/winbindd_privileged # ls -alp
> total 0
> drwxr-x--- 2 root root 72 Feb 24 10:52 ./
> drwxrwxrwx 4 root root 352 Feb 24 10:52 ../
> srwxrwxrwx 1 root root 0 Feb 24 10:52 pipe=
>
> If i try to change the permissions of the directory itself, so that
> the squid user can access it, winbindd fails to start:
>
> proxy:/var/locks # winbindd -i
> winbindd version 3.0.2 started.
> Copyright The Samba Team 2000-2004
> Added domain whatever whatever.Lokal S-1-5-21-3284267766-540466896-523501128
> invalid permissions on socket directory /var/locks/winbindd_privileged
> open_winbind_socket: No such file or directory
>
> Doesnt matter if i try to change owner/group, or just the rwx
> permissions for owner/group/all...
Only root should have w. The other users who should be allowed to access
this directory should have x and optionally r.
Recommended method is to create a group for winbind authentication and
make sure all services requiring this interface (i.e. Squid) is running
with this group.
chgrp winbind /path/to/winbindd_privileged
chmod 750 /path/to/winbindd_privileged (if you have changed the
permissions)
change Squid to run with group winbind
Or if access to the OS of your server is restricted you can take the easy
path out and allow all users access to winbindd_privileged
chmod 755 /path/to/winbindd_privileged
Regards
Henrik
Received on Tue Feb 24 2004 - 03:26:51 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:03 MST