Re: [squid-users] Need help in integrating squid and samba

From: Avinash Rao <avinash.aol_at_gmail.com>
Date: Mon, 17 Aug 2009 19:59:54 +0530

Dear Christopher,

Thank you for your reply.

I am not using Active Directory, I am using a samba as a PDC (NT4) and
its a simple configuration. All clients are WinXP and they login to
the domain and i just want to control their access to internet that is
all.

And there is no other Windows NT domain machine in my network, its
just this ubuntu server running squid and samba!

If i am right? wbinfo -t will not work coz, i don't have a windows NT
domain machine and no trust exists. But, how do i control, restrict or
allow internet access for samba domain users through squid?

Many Thanks
Avinash

On Mon, Aug 17, 2009 at 7:50 PM, Chris
Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
> Yes,
>
> If you are using active directory 2000/2003/2008, you'll need to configure krb5 first
>
> Please see http://ubuntuforums.org/showthread.php?t=91510 , but you only need to follow steps 1-3, then 7-9
>
> Then run
>
> Wbinfo -t to check the trust and
> Wbinfo -g to list groups
>
> Kind Regards,
> Christopher Boczko
> Server Support Analyst - IT Shared Services
> HomeServe
> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>
> DDI: 01482 677272
> Mob: 07967 059241
>
> www.homeserve.com
> www.chemdry.co.uk
>
> DDI: 01482 677272
> Mob: 07967 059241
>
> www.homeserve.com
> www.chemdry.co.uk
>
>
> -----Original Message-----
> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
> Sent: 17 August 2009 14:57
> To: Chris Boczko
> Subject: Re: [squid-users] Need help in integrating squid and samba
>
> root_at_sunbox: net join -U user
> Password:
> Creation of workstation account failed
> Unable to join domain abc
>
> user_at_sunbox:/usr/lib/squid$ net join -U user1
> [2009/08/17 19:24:05, 0] passdb/secrets.c:secrets_init(66)
>  Failed to open /var/lib/samba/secrets.tdb
> [2009/08/17 19:24:05, 0] utils/net_rpc.c:rpc_oldjoin_internals(309)
>  error storing domain sid for abc
>
> No, I haven't configured krb5. Do we need all this just to control
> internet access for samba domain users?
>
> Avinash
>
>
> On Mon, Aug 17, 2009 at 7:19 PM, Chris
> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>> Have you run net join on the squid server (from the command line), and have you configured krb5?
>>
>> Does kinit (user)@(domain).(domain) work?
>>
>> Kind Regards,
>> Christopher Boczko
>>
>>
>> -----Original Message-----
>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>> Sent: 17 August 2009 14:47
>> To: Chris Boczko
>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>
>> Samba Version:
>>
>> dpkg -l | grep samba
>> ii  samba  3.0.28a-1ubuntu4.8   a LanManager-like file and printer server fo
>> ii  samba-common  3.0.28a-1ubuntu4.8   Samba common files used by both
>> the server a
>>
>> Ubuntu 8.04 Server 64-bit.
>>
>> Net Join? You mean from a windows client? I have only winXP clients
>> and they are all configured to login to the domain.
>>
>> Avinash
>>
>>
>>
>>
>> On Mon, Aug 17, 2009 at 7:07 PM, Chris
>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>> Have you tried rejoining the domain using
>>>
>>> Net join ?
>>>
>>> Then testing the join with
>>>
>>> Wbinfo -t
>>>
>>> Also, which version of debian / samba / ad are you running?
>>>
>>> Kind Regards,
>>> Christopher Boczko
>>>
>>> -----Original Message-----
>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>> Sent: 17 August 2009 14:25
>>> To: squid-users_at_squid-cache.org
>>> Subject: Fwd: [squid-users] Need help in integrating squid and samba
>>>
>>> Thanks for the quick response.
>>> And, yes i will install squid using apt-get install command.
>>> The basic winbindd functionality "wbinfo -t": is not successful
>>>
>>> wbinfo -t
>>> checking the trust secret via RPC calls failed
>>> error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
>>> Could not check secret
>>>
>>> Even, wbinfo -a mydomain\\myuser%mypasswd is unsuccessful
>>>
>>> Wondering how i should proceed without this?
>>>
>>> Avinash
>>>
>>>
>>>
>>>
>>> On Mon, Aug 17, 2009 at 1:15 PM, Amos Jeffries<squid3_at_treenet.co.nz> wrote:
>>>> [re-inserting squid-users mailing list]
>>>>
>>>> Avinash Rao wrote:
>>>>>
>>>>>
>>>>> On Mon, Aug 17, 2009 at 11:30 AM, Amos Jeffries <squid3_at_treenet.co.nz
>>>>> <mailto:squid3_at_treenet.co.nz>> wrote:
>>>>>
>>>>>    Avinash Rao wrote:
>>>>>
>>>>>        Dear all,
>>>>>
>>>>>        I am new here and i would like to know the correct procedure for
>>>>>        compiling squid to integrate with samba.
>>>>>        I am doing this on a Ubuntu 8.04 Server 64-bit edition and i
>>>>>        have all
>>>>>        the updates installed. Infact, i have installed samba through
>>>>>        apt-get
>>>>>        install and is configured as a PDC.
>>>>>
>>>>>        dpkg -l | grep samba
>>>>>        ii  samba  3.0.28a-1ubuntu4.8   a LanManager-like file and
>>>>>        printer server fo
>>>>>        ii  samba-common  3.0.28a-1ubuntu4.8   Samba common files used
>>>>>        by both
>>>>>        the server a
>>>>>
>>>>>         I am in need of controlling internet access for samba domain users
>>>>>        through squid. I read the documentation and it says Squid must be
>>>>>        built with the configure options:
>>>>>
>>>>>           --enable-auth="ntlm,basic"
>>>>>           --enable-basic-auth-helpers="
>>>>>        winbind"
>>>>>           --enable-ntlm-auth-helpers="winbind"
>>>>>
>>>>>        According to the documentation,
>>>>>        --------
>>>>>        Samba 3.x
>>>>>        ---------
>>>>>        Things are much easier under the 3.x versions of Samba. Smbd is no
>>>>>        longer required to manage the machine's trust account, and  there
>>>>> is
>>>>>        no need to patch any utilities.
>>>>>        The Samba team has incorporated functionality to change the machine
>>>>>        trust account password in the new "net" command.  A simple daily
>>>>>        cron
>>>>>        job scheduling "net rpc changetrustpw" is all that is needed.
>>>>>
>>>>>
>>>>>        I went through the squid documentation and the configure options
>>>>> are
>>>>>        vast. All i want is normal squid operations but with samba
>>>>>        integration. Do I have to specify other options for normal squid
>>>>>        operations?? What is the correct procedure and which version of
>>>>>        squid
>>>>>        suits well for the version of samba i am using? I have used
>>>>>        squid but
>>>>>        never compiled.  My requirement with samba is PDC, winxp clients,
>>>>>        users home directories are mapped as they login to the domain, a
>>>>>        common share for all users and a printer if needed.
>>>>>
>>>>>        Many Thanks,
>>>>>        Avinash
>>>>>
>>>>>
>>>>>    This covers the NTLM auth via Samba requirements.
>>>>>    http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm
>>>>>
>>>>>    This covers the Active Directory (kerberos/negotiate auth)
>>>>> requirements:
>>>>>
>>>>>  http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
>>>>>
>>>>>
>>>>>    Amos
>>>>>    --    Please be using
>>>>>     Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>>>>     Current Beta Squid 3.1.0.13
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Amos,
>>>>>
>>>>> Thanks for the reply.
>>>>>
>>>>> I read the documentation, and it says, "
>>>>>
>>>>> As Samba-3.x has it's own authentication helper there is no need to build
>>>>> any of the Squid authentication helpers for use with Samba-3.x (and the
>>>>> helpers provided by Squid won't work if you do). You do however need to
>>>>> enable support for the NTLM scheme if you plan on using this. Also you may
>>>>> want to use the wbinfo_group helper for group lookups
>>>>>
>>>>> --enable-auth="ntlm,basic"
>>>>> --enable-external-acl-helpers="wbinfo_group"
>>>>>
>>>>> Does this mean that squid has to be compiled with the above options?  I
>>>>> am sorry if this sounds very basic. Also, my requirement, i should be able
>>>>> to restrict few users samba users from accessing the internet through at
>>>>> certain times and not necessary authentication.  Will the above options
>>>>> help.
>>>>>
>>>>> Thanks,
>>>>> Avinash
>>>>>
>>>>
>>>> The Squid packages available for Ubuntu already have those helpers built-in
>>>> and installed along with the package. All you need is the configuration file
>>>> changes.
>>>>
>>>> If you are building your own Squid from raw source code, you may need to add
>>>> them.
>>>>
>>>> For someone who does not know the very basics I would seriously advise
>>>> staying with the pre-packaged versions of Squid until you know what you are
>>>> doing.
>>>>  -->  apt-get install squid
>>>>
>>>> Then change the /etc/squid.conf file as needed.
>>>>
>>>>
>>>> Amos
>>>> --
>>>> Please be using
>>>>  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>>>  Current Beta Squid 3.1.0.13
>>>>
>>>
>>
>
Received on Mon Aug 17 2009 - 14:30:03 MDT

This archive was generated by hypermail 2.2.0 : Mon Aug 17 2009 - 12:00:03 MDT