Yes I now.....you are tired with my mails but.....I post it again
I compiled samba with the follow options
nbsf000si10:/usr/src/samba-3.0.13/source# ./configure --with-ldap --with-fhs
--enable-shared --enable-static --prefix=/usr --sysconfdir=/etc
--libdir=/etc/samba --with-privatedir=/etc/samba
--with-piddir=/var/run/samba --localstatedir=/var --with-netatalk
--with-smbmount --with-pam --with-syslog --with-utmp --with-readline
--with-pam_smbpass --with-libsmbclient --with-winbind --with-msdfs
--with-automount --with-acl-support --with-tdbsam
I check wbinfo with root
nbsf000si10:/usr/src/samba-3.0.13/source# wbinfo -t
checking the trust secret via RPC calls succeeded
I check the plain auth with root
nbsf000si10:/var/log/samba# /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
Myuser mypass
OK
I have this lines in squid.conf
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param
basic realm Squid proxy-caching web server auth_param basic credentialsttl 2
hours
acl Authenticated proxy_auth REQUIRED
http_access allow Authenticated
cache_effective_user squid
cache_effective_group squid
The perms on the pipe are
drwxr-x--- 2 root squid 72 Apr 4 17:57 winbindd_privileged
And the pipe perms are
nbsf000si10:/var/lib/samba/winbindd_privileged# ls -l
total 0
srwxrwxrwx 1 root root 0 Apr 4 17:57 pipe
The location of the pipe is /var/lib/samba/winbindd_privileged/pipe, is
important ?
Now I test again using squid user
squid@nbsf000si10:~$ whoami
squid
squid@nbsf000si10:~$ wbinfo -t
checking the trust secret via RPC calls succeeded
squid@nbsf000si10:~$ /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
Myuser mypass
OK
PAM config is
nbsf000si10:/etc/pam.d# cat squid
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth-winbind
account required /lib/security/pam_stack.so service=system-auth-winbind
The squid ntlm auth DOESN´T WORK !!!!
I don´t now where is the error....
If I try with IE, I have the standard ie error page _The page cannot be
displayed_ and the log say
1112646622.054 0 172.16.254.231 TCP_DENIED/407 1741 GET
http://www.squid-cache.org/ - NONE/- text/html
1112646622.059 0 172.16.254.231 TCP_DENIED/407 1745 GET
http://www.squid-cache.org/ - NONE/- text/html
1112646622.091 0 172.16.254.231 TCP_DENIED/407 1741 GET
http://www.squid-cache.org/ - NONE/- text/html
1112646622.132 0 172.16.254.231 TCP_DENIED/407 1745 GET
http://www.squid-cache.org/ - NONE/- text/html
Four (4) entrys from one access try
If I use Firefox (must ask me for usr/pass, but don´t) just only I have the
squid error page
ERROR
Cache Access Denied
And the squid.log say
1112646702.030 24 172.16.254.231 TCP_DENIED/407 1741 GET
http://www.squid-cache.org/ - NONE/- text/html
1112646702.167 9 172.16.254.231 TCP_DENIED/407 1745 GET
http://www.squid-cache.org/ - NONE/- text/html
Two entrys from one access and never ask me for user pass
Exists another test to try the winbind and squid connection?
I need help please!!
Reards
Received on Wed Apr 06 2005 - 08:45:41 MDT
This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:03 MDT