Fwd: [squid-users] Re: Having problems with ntlm_auth in my squid.conf file

From: Chris Nighswonger <cnighswonger@dont-contact.us>
Date: Thu, 22 Feb 2007 08:28:00 -0500

On 2/22/07, Ray Dermody <dermodyr@gmail.com> wrote:
> Hi,
> Thanks for that Craig, that seems to have got me a bit further now. I'm
> getting prompted for a username and password when I try to browse but
> it's accepting nothing. Under /var/log/messages I can see ntlm_auth
> (permission?) errors.
>
> Feb 22 12:43:16 squidtest kernel: audit(1172148196.323:12): avc:
> denied { create } for pid=3133 comm="ntlm_auth"
> scontext=user_u:system_r:winbind_helper_t
> tcontext=user_u:system_r:winbind_helper_t tclass=udp_socket
> Feb 22 12:43:16 squidtest kernel: audit(1172148196.323:13): avc:
> denied { create } for pid=3133 comm="ntlm_auth"
> scontext=user_u:system_r:winbind_helper_t
> tcontext=user_u:system_r:winbind_helper_t tclass=udp_socket
> Feb 22 12:43:16 squidtest kernel: audit(1172148196.323:14): avc:
> denied { create } for pid=3133 comm="ntlm_auth"
> scontext=user_u:system_r:winbind_helper_t
> tcontext=user_u:system_r:winbind_helper_t tclass=udp_socket
>
> Has anyone seen this error before?

These are audit notices from SELinux. It appears that SELinux is set
to permissive mode. As they begin with 'audit' they have no true
effect on your system's operation. Somebody with more SELinux policy
experience than I might be able to tell you how to correct the policy
to permit the helper program. However, I don't think this is affecting
any issues you are mentioning in this post.

If you are working with a client that is *not* a member of your domain
you may need to try entering the username as 'domain\username' or
'username@domain'. If the machine is not a domain member it will supply
its own name in the place of 'domain' and the authentication will
fail.

You can also tail the squid access.log while attempting to browse and
see what is happening to the request. Maybe the cache.log also...
although this may depend on the debug level set in your squid.conf
(again, maybe someone more knowledgeable can comment on this).

Chris
Received on Thu Feb 22 2007 - 06:34:20 MST
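
Added example, not part of the original message: a small Python parser that unwraps the mail-quoted AVC records above and counts distinct denials, which shows that the three log entries are three separate events of a single denial (ntlm_auth, winbind_helper_t, create on udp_socket). The function names are illustrative, and the sample input is rebuilt from the records quoted in the thread.

```python
import re
from collections import Counter

# Sample input: the three records quoted in the thread, rebuilt with the
# mail's "> " prefix and line wrapping; only the audit serial differs.
RECORD = ('> Feb 22 12:43:16 squidtest kernel: audit(1172148196.323:{}): avc:\n'
          '> denied {{ create }} for pid=3133 comm="ntlm_auth"\n'
          '> scontext=user_u:system_r:winbind_helper_t\n'
          '> tcontext=user_u:system_r:winbind_helper_t tclass=udp_socket\n')
SAMPLE = "".join(RECORD.format(n) for n in (12, 13, 14))

HEADER = re.compile(r'audit\((\d+\.\d+):(\d+)\):\s+avc:\s+denied\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Third field of user:role:type[:level]; None if the context is malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(text):
    """One dict per AVC denial, tolerating mail quoting and wrapped lines."""
    flat = " ".join(line.lstrip("> ").strip() for line in text.splitlines())
    heads = list(HEADER.finditer(flat))
    records = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(flat)
        rec = {k: v.strip('"') for k, v in FIELD.findall(flat[m.end():end])}
        rec["event"] = (m.group(1), int(m.group(2)))  # (timestamp, serial)
        rec["perms"] = m.group(3).split()
        records.append(rec)
    return records

def summarize(records):
    """Count events per (comm, source type, target type, class, permission)."""
    seen, counts = set(), Counter()
    for r in records:
        if r["event"] in seen:  # the same event pasted or logged twice
            continue
        seen.add(r["event"])
        for perm in r["perms"]:
            counts[(r.get("comm"), selinux_type(r.get("scontext", "")),
                    selinux_type(r.get("tcontext", "")), r.get("tclass"), perm)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(parse_avc(SAMPLE)).items():
        print(n, *key)
```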
