Re: [squid-users] Problem with Winbind

From: Roman Rathler <squidlist@dont-contact.us>
Date: Thu, 28 Jul 2005 15:07:53 +0200

André Marques wrote:

>Hi Roman!
>
>Your hint helped me to solve one problem: the kernel
>error messages... changing the SE Linux config to
>permissive, made those error messages disappear. Thank
>you!
>
>Another thing I found out was that the problem I had was
>caused by an update on domain controllers. That was
>the Update Rollup 1 for MS Windows 2003 servers, if
>I'm not mistaken... Has anybody noticed this kind of
>problem or any other like that? The removal of this
>update made the errors stop.
>
>
>
I also use Windows 2003 Servers with the mentioned patches without
problems... mainly on CentOS with samba-common-3.0.14a-2 patchlevel! Be
sure to have the latest krb5 packages for your distribution also...

>By the way, now another error is happening. My wbinfo is
>bringing some crap when getting the users and groups.
>Instead of bringing USER and GROUP only, it brings
>DOMAIN_NAMErUSER and DOMAIN_NAMErGROUP, causing
>malfunction on wbinfo when checking the groups.
>
>
>
If you only use 1 domain, then enable winbind use default domain in your
samba config, then the domain fields shouldn't be there!

>Any query about users and groups by wbinfo program
>shows this wrong information. I have even tried to
>put the same wbinfo that works well on other server,
>replacing the bad one, but nothing changed. Is there
>any way to verify why it is happening?
>
>Again, any help would be very appreciated... thanks to
>anyone!
>
>
>André
>
>
>
>--- Roman Rathler <squidlist@comegetsome.at> wrote:
>
>
>
>>Have you set your SELinux state to enforcing? This could cause the
>>kernel to not allow squid to access winbind!
>>Check with setenforce permissive if the problem persists!
>>
>>cheers
>>
>>André Marques wrote:
>>
>>>Hello to all! :)
>>>
>>>I'm experiencing some troubles on one of my enterprise
>>>proxy servers, which runs Squid 2.5 STABLE10. It was
>>>working very well, but suddenly started to log these
>>>kind of messages the "messages" log file:
>>>
>>>Jul 26 11:28:05 server1 logger: Script:Got user1 GROUP1 from squid
>>>Jul 26 11:28:05 server1 winbindd[31811]: [2005/07/26 11:28:05, 0] lib/util_sid.c:string_to_sid(301)
>>>Jul 26 11:28:05 server1 winbindd[31811]: string_to_sid: Sid Could not lookup name GRUPO1 does not start with 'S-'.
>>>Jul 26 11:28:05 server1 logger: Script:User: -USER1- Group: -GRUPO1- SID: -Could not lookup name GRUPO1- GID: -Could not convert sid Could not lookup name GRUPO1 to gid-
>>>Jul 26 11:28:05 server1 logger: Script:Sending ERR to squid
>>>Jul 26 11:28:45 server1 kernel: audit(1122388125.215:0): avc: denied { search } for pid=517 exe=/usr/bin/perl scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:sysctl_kernel_t tclass=dir
>>>Jul 26 11:28:45 server1 kernel: audit(1122388125.215:0): avc: denied { search } for pid=517 exe=/usr/bin/perl name=sys dev=proc ino=-268435431 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:sysctl_t tclass=dir
>>>
>>>These messages vary on its appearance, but they're
>>>often like those I put above.
>>>
>>>It seems that it tries to search for an USER1 on AD,
>>>through wbinfo, but doesn't find it, even existing
>>>this user. The result for "wbinfo -t" is ok, but when
>>>I try to get wbinfo -n "USER1", it shows this error
>>>message:
>>>
>>>Could not lookup name USER1
>>>
>>>I think that the fact of it doesn't convert the SID
>>>for the user is generating the errors on the
>>>"messages" log file, but on "smb.conf" file, the
>>>password server is listed ok and nothing has changed
>>>on this file recently. These errors are causing
>>>instability on the proxy server, making it ask for a
>>>password sometimes or even not permitting the access
>>>to some users.
>>>
>>>So, I would be grateful for any help you can give me
>>>for I can fix it. I'm working with Fedora Core 3,
>>>Samba and Winbind Version 3.0.10-1.fc3.
>>>
>>>I'll be available for any further information you may
>>>need. Thanks!
>>>
>>>
>>>André
Received on Thu Jul 28 2005 - 07:07:58 MDT
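
Added example, not part of the original messages: the thread made the AVC denials disappear by switching SELinux to permissive. This Python code parses the denial records quoted above and groups them by source type, target type and class, so the refused access can be reviewed before deciding on a narrower policy. The sample log is constructed from the quoted lines with the mail line wraps rejoined, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: records quoted in the thread, mail line wraps rejoined.
SAMPLE_LOG = """\
Jul 26 11:28:05 server1 logger: Script:Sending ERR to squid
Jul 26 11:28:45 server1 kernel: audit(1122388125.215:0): avc: denied { search } for pid=517 exe=/usr/bin/perl scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:sysctl_kernel_t tclass=dir
Jul 26 11:28:45 server1 kernel: audit(1122388125.215:0): avc: denied { search } for pid=517 exe=/usr/bin/perl name=sys dev=proc ino=-268435431 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:sysctl_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")


def context_type(context):
    """A context is user:role:type[:level]; return the type, or None if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 and parts[2] else None


def parse_avc(line):
    """Return a dict for one AVC denial record, or None for any other line."""
    match = AVC_RE.search(line)
    if not match:
        return None
    fields = dict(kv.split("=", 1) for kv in match.group("fields").split() if "=" in kv)
    source = context_type(fields.get("scontext", ""))
    target = context_type(fields.get("tcontext", ""))
    if not (source and target and "tclass" in fields):
        return None  # wrapped or truncated record: skip it rather than guess
    return {"perms": match.group("perms").split(), "exe": fields.get("exe", "?"),
            "source": source, "target": target, "tclass": fields["tclass"]}


def summarise(log_text):
    """Group denials by (source type, target type, class)."""
    grouped = defaultdict(lambda: {"perms": set(), "exes": set()})
    for line in log_text.splitlines():
        record = parse_avc(line)
        if record:
            key = (record["source"], record["target"], record["tclass"])
            grouped[key]["perms"].update(record["perms"])
            grouped[key]["exes"].add(record["exe"])
    return dict(grouped)


def as_rules(grouped):
    """Render each group in 'allow' rule syntax, as a review aid only."""
    return [f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(v['perms']))} }};"
            for (src, tgt, cls), v in sorted(grouped.items())]
```

Calling as_rules(summarise(SAMPLE_LOG)) shows that the Perl helper running as httpd_sys_script_t was refused directory search on the sysctl_kernel_t and sysctl_t types. On a live system, audit2allow produces the same kind of summary from the audit log.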

This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:03 MDT