Re: [squid-users] Need help in integrating squid and samba

From: Avinash Rao <avinash.aol_at_gmail.com>
Date: Tue, 18 Aug 2009 10:59:03 +0530

Hi,

After I reboot the server, none of the wbinfo commands work; it says
access is denied. It worked after I again joined the machine to the
domain using the net join command.

How do I solve this?

Avinash

On Tue, Aug 18, 2009 at 9:48 AM, Avinash Rao<avinash.aol_at_gmail.com> wrote:
> Hi,
>
> I am able to test wbinfo -a mydomain\\myuser%mypasswd, the output is
> as expected.
> But, the helpers testing didn't give proper results.
>
> /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> mydomain\user password
> Doesn't return anything. If I pressed the Enter key, I see ERR
>
> Thanks
> Avinash
>
>
>
>
>
> On Mon, Aug 17, 2009 at 9:07 PM, Avinash Rao<avinash.aol_at_gmail.com> wrote:
>> Chris,
>>
>> Please don't get bugged, wbinfo -g is working now ..
>> wbinfo -g
>> BUILTIN\administrators
>> BUILTIN\users
>>
>> and even wbinfo -t
>>
>> wbinfo -t
>> checking the trust secret via RPC calls succeeded
>>
>> but it didn't give the output "the secret is good". I have no idea how
>> this is working all of a sudden; it didn't work a little while ago!
>>
>> Regards,
>> Avinash
>>
>>
>>
>> On Mon, Aug 17, 2009 at 8:58 PM, Avinash Rao<avinash.aol_at_gmail.com> wrote:
>>> Yes, Squid and Samba (PDC) are running on the same server.
>>>
>>> wbinfo -g won't work as I have not created any of the NT Domain Groups.
>>> Is that necessary? Because I have a very simple Samba configuration.
>>>
>>> I went through the link and made changes to nsswitch conf.
>>>
>>> wbinfo -set-auth-user=Administrator%'password'
>>> Could not lookup sid Administrator%password
>>>
>>> But I could join the domain: I just entered net join and entered the
>>> current user's password, and it said joined the domain!
>>> wbinfo -u
>>> Error looking up domain users
>>>
>>> Thanks again
>>> Avinash
>>>
>>>
>>>
>>> On Mon, Aug 17, 2009 at 8:29 PM, Chris
>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>> Right ok,
>>>>
>>>> So squid is running samba (as a pdc) and squid as a cache?
>>>>
>>>> Can you try running wbinfo -g, and if that doesn't work, try running wbinfo --set-auth-user=Administrator%'YourPassword' (see: http://www.debian-administration.org/article/Question_Winbind_on_samba_PDC), then run wbinfo -g again
>>>>
>>>> Kind Regards,
>>>> Christopher Boczko
>>>> Server Support Analyst - IT Shared Services
>>>> HomeServe
>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>
>>>> DDI: 01482 677272
>>>> Mob: 07967 059241
>>>>
>>>> www.homeserve.com
>>>> www.chemdry.co.uk
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>> Sent: 17 August 2009 15:56
>>>> To: Chris Boczko
>>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>>
>>>> Yes, it's on the Squid server and it's a PDC, and the passwd backend is tdbsam
>>>>
>>>>
>>>>
>>>> On Mon, Aug 17, 2009 at 8:22 PM, Chris
>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>> This is on the squid server?
>>>>>
>>>>> It's trying to be a PDC
>>>>>
>>>>>
>>>>>    domain logons = yes
>>>>>    os level = 65
>>>>>    prefered master = yes
>>>>>    domain master = yes
>>>>>    local master = yes
>>>>>
>>>>> Kind Regards,
>>>>> Christopher Boczko
>>>>> Server Support Analyst - IT Shared Services
>>>>> HomeServe
>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>>
>>>>> DDI: 01482 677272
>>>>> Mob: 07967 059241
>>>>>
>>>>> www.homeserve.com
>>>>> www.chemdry.co.uk
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>> Sent: 17 August 2009 15:51
>>>>> To: Chris Boczko
>>>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>>>
>>>>> smb.conf
>>>>>
>>>>> [global]
>>>>>    workgroup = abc
>>>>>    server string = Samba on SUN
>>>>>    max log size = 500
>>>>>    log level = 1
>>>>>    interfaces = eth2 100.100.100.251
>>>>>    bind interfaces only = True
>>>>>
>>>>>    log file = /var/log/samba/log.%m
>>>>>    max log size = 1000
>>>>>
>>>>>    domain logons = yes
>>>>>    os level = 65
>>>>>    prefered master = yes
>>>>>    domain master = yes
>>>>>    local master = yes
>>>>>
>>>>>    winbind uid = 10000-20000
>>>>>    winbind gid = 10000-20000
>>>>>    winbind use default domain = yes
>>>>>
>>>>>    add machine script = /usr/sbin/useradd -s /bin/false -d /home/nobody %u
>>>>>    dns proxy =No
>>>>>    hosts allow = 127. 100.100.100.
>>>>>    wins support = Yes
>>>>>    passdb backend = smbpasswd
>>>>>
>>>>>    encrypt passwords = true
>>>>>    smb passwd file = /etc/samba/smbpasswd
>>>>>    security = user
>>>>>    netbios name = sunbox
>>>>>    username map = /etc/samba/smbusers
>>>>>
>>>>> [homes]
>>>>>    comment = Home Dir
>>>>>    read only = NO
>>>>>    browseable = NO
>>>>>    valid users = %S
>>>>>    path = %H
>>>>>    directory mask = 0700
>>>>>    create mask = 0700
>>>>>
>>>>>
>>>>> [share]
>>>>>   comment = test share
>>>>>    path = /sambashare
>>>>>    valid users = nimda
>>>>>    create mask = 0765
>>>>>
>>>>>
>>>>> Cheers
>>>>> Avinash
>>>>>
>>>>>
>>>>> On Mon, Aug 17, 2009 at 8:04 PM, Chris
>>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>> Ah, that makes a little more sense, but I'm afraid my only experience is with Windows as an Active Directory controller and Samba linking to that, but I can still take a look at your smb.conf if you would like
>>>>>>
>>>>>> Kind Regards,
>>>>>> Christopher Boczko
>>>>>> Server Support Analyst - IT Shared Services
>>>>>> HomeServe
>>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>>>
>>>>>> DDI: 01482 677272
>>>>>> Mob: 07967 059241
>>>>>>
>>>>>> www.homeserve.com
>>>>>> www.chemdry.co.uk
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>>> Sent: 17 August 2009 15:30
>>>>>> To: Chris Boczko
>>>>>> Cc: squid-users_at_squid-cache.org
>>>>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>>>>
>>>>>> Dear Christopher,
>>>>>>
>>>>>> Thank you for your reply.
>>>>>>
>>>>>> I am not using Active Directory; I am using Samba as a PDC (NT4) and
>>>>>> it's a simple configuration.  All clients are WinXP and they log in to
>>>>>> the domain, and I just want to control their access to the internet; that is
>>>>>> all.
>>>>>>
>>>>>> And there is no other Windows NT domain machine in my network; it's
>>>>>> just this Ubuntu server running Squid and Samba!
>>>>>>
>>>>>> If I am right, wbinfo -t will not work because I don't have a Windows NT
>>>>>> domain machine and no trust exists. But how do I control, restrict or
>>>>>> allow internet access for Samba domain users through Squid?
>>>>>>
>>>>>> Many Thanks
>>>>>> Avinash
>>>>>>
>>>>>>
>>>>>> On Mon, Aug 17, 2009 at 7:50 PM, Chris
>>>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>>> Yes,
>>>>>>>
>>>>>>> If you are using active directory 2000/2003/2008, you'll need to configure krb5 first
>>>>>>>
>>>>>>> Please see http://ubuntuforums.org/showthread.php?t=91510 , but you only need to follow steps 1-3, then 7-9
>>>>>>>
>>>>>>> Then run
>>>>>>>
>>>>>>> Wbinfo -t to check the trust and
>>>>>>> Wbinfo -g to list groups
>>>>>>>
>>>>>>> Kind Regards,
>>>>>>> Christopher Boczko
>>>>>>> Server Support Analyst - IT Shared Services
>>>>>>> HomeServe
>>>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>>>>
>>>>>>> DDI: 01482 677272
>>>>>>> Mob: 07967 059241
>>>>>>>
>>>>>>> www.homeserve.com
>>>>>>> www.chemdry.co.uk
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>>>> Sent: 17 August 2009 14:57
>>>>>>> To: Chris Boczko
>>>>>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>>>>>
>>>>>>> root@sunbox: net join -U user
>>>>>>> Password:
>>>>>>> Creation of workstation account failed
>>>>>>> Unable to join domain abc
>>>>>>>
>>>>>>> user@sunbox:/usr/lib/squid$ net join -U user1
>>>>>>> [2009/08/17 19:24:05, 0] passdb/secrets.c:secrets_init(66)
>>>>>>>  Failed to open /var/lib/samba/secrets.tdb
>>>>>>> [2009/08/17 19:24:05, 0] utils/net_rpc.c:rpc_oldjoin_internals(309)
>>>>>>>  error storing domain sid for abc
>>>>>>>
>>>>>>> No, I haven't configured krb5. Do we need all this just to control
>>>>>>> internet access for samba domain users?
>>>>>>>
>>>>>>> Avinash
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Aug 17, 2009 at 7:19 PM, Chris
>>>>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>>>> Have you run net join on the squid server (from the command line), and have you configured krb5?
>>>>>>>>
>>>>>>>> Does kinit (user)@(domain).(domain) work?
>>>>>>>>
>>>>>>>> Kind Regards,
>>>>>>>> Christopher Boczko
>>>>>>>>
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>>>>> Sent: 17 August 2009 14:47
>>>>>>>> To: Chris Boczko
>>>>>>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>>>>>>
>>>>>>>> Samba Version:
>>>>>>>>
>>>>>>>> dpkg -l | grep samba
>>>>>>>> ii  samba  3.0.28a-1ubuntu4.8   a LanManager-like file and printer server fo
>>>>>>>> ii  samba-common  3.0.28a-1ubuntu4.8   Samba common files used by both
>>>>>>>> the server a
>>>>>>>>
>>>>>>>> Ubuntu 8.04 Server 64-bit.
>>>>>>>>
>>>>>>>> Net Join? You mean from a windows client? I have only winXP clients
>>>>>>>> and they are all configured to login to the domain.
>>>>>>>>
>>>>>>>> Avinash
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Aug 17, 2009 at 7:07 PM, Chris
>>>>>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>>>>> Have you tried rejoining the domain using
>>>>>>>>>
>>>>>>>>> Net join ?
>>>>>>>>>
>>>>>>>>> Then testing the join with
>>>>>>>>>
>>>>>>>>> Wbinfo -t
>>>>>>>>>
>>>>>>>>> Also, which version of debian / samba / ad are you running?
>>>>>>>>>
>>>>>>>>> Kind Regards,
>>>>>>>>> Christopher Boczko
>>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>>>>>> Sent: 17 August 2009 14:25
>>>>>>>>> To: squid-users_at_squid-cache.org
>>>>>>>>> Subject: Fwd: [squid-users] Need help in integrating squid and samba
>>>>>>>>>
>>>>>>>>> Thanks for the quick response.
>>>>>>>>> And yes, I will install squid using the apt-get install command.
>>>>>>>>> The basic winbindd functionality "wbinfo -t" is not successful:
>>>>>>>>>
>>>>>>>>> wbinfo -t
>>>>>>>>> checking the trust secret via RPC calls failed
>>>>>>>>> error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
>>>>>>>>> Could not check secret
>>>>>>>>>
>>>>>>>>> Even wbinfo -a mydomain\\myuser%mypasswd is unsuccessful.
>>>>>>>>>
>>>>>>>>> Wondering how I should proceed without this?
>>>>>>>>>
>>>>>>>>> Avinash
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Aug 17, 2009 at 1:15 PM, Amos Jeffries<squid3_at_treenet.co.nz> wrote:
>>>>>>>>>> [re-inserting squid-users mailing list]
>>>>>>>>>>
>>>>>>>>>> Avinash Rao wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Mon, Aug 17, 2009 at 11:30 AM, Amos Jeffries <squid3_at_treenet.co.nz
>>>>>>>>>>> <mailto:squid3_at_treenet.co.nz>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>    Avinash Rao wrote:
>>>>>>>>>>>
>>>>>>>>>>>        Dear all,
>>>>>>>>>>>
>>>>>>>>>>>        I am new here and I would like to know the correct procedure for
>>>>>>>>>>>        compiling squid to integrate with samba.
>>>>>>>>>>>        I am doing this on an Ubuntu 8.04 Server 64-bit edition and I
>>>>>>>>>>>        have all the updates installed. In fact, I have installed samba
>>>>>>>>>>>        through apt-get install and it is configured as a PDC.
>>>>>>>>>>>
>>>>>>>>>>>        dpkg -l | grep samba
>>>>>>>>>>>        ii  samba  3.0.28a-1ubuntu4.8   a LanManager-like file and
>>>>>>>>>>>        printer server fo
>>>>>>>>>>>        ii  samba-common  3.0.28a-1ubuntu4.8   Samba common files used
>>>>>>>>>>>        by both
>>>>>>>>>>>        the server a
>>>>>>>>>>>
>>>>>>>>>>>         I am in need of controlling internet access for samba domain users
>>>>>>>>>>>        through squid. I read the documentation and it says Squid must be
>>>>>>>>>>>        built with the configure options:
>>>>>>>>>>>
>>>>>>>>>>>           --enable-auth="ntlm,basic"
>>>>>>>>>>>           --enable-basic-auth-helpers="winbind"
>>>>>>>>>>>           --enable-ntlm-auth-helpers="winbind"
>>>>>>>>>>>
>>>>>>>>>>>        According to the documentation,
>>>>>>>>>>>        --------
>>>>>>>>>>>        Samba 3.x
>>>>>>>>>>>        ---------
>>>>>>>>>>>        Things are much easier under the 3.x versions of Samba. Smbd is no
>>>>>>>>>>>        longer required to manage the machine's trust account, and there is
>>>>>>>>>>>        no need to patch any utilities.
>>>>>>>>>>>        The Samba team has incorporated functionality to change the machine
>>>>>>>>>>>        trust account password in the new "net" command.  A simple daily
>>>>>>>>>>>        cron job scheduling "net rpc changetrustpw" is all that is needed.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>        I went through the squid documentation and the configure options
>>>>>>>>>>>        are vast. All I want is normal squid operations but with samba
>>>>>>>>>>>        integration. Do I have to specify other options for normal squid
>>>>>>>>>>>        operations? What is the correct procedure and which version of
>>>>>>>>>>>        squid suits well for the version of samba I am using? I have used
>>>>>>>>>>>        squid but never compiled.  My requirement with samba is PDC,
>>>>>>>>>>>        WinXP clients, users' home directories are mapped as they log in to
>>>>>>>>>>>        the domain, a common share for all users and a printer if needed.
>>>>>>>>>>>
>>>>>>>>>>>        Many Thanks,
>>>>>>>>>>>        Avinash
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>    This covers the NTLM auth via Samba requirements.
>>>>>>>>>>>    http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm
>>>>>>>>>>>
>>>>>>>>>>>    This covers the Active Directory (kerberos/negotiate auth) requirements:
>>>>>>>>>>>
>>>>>>>>>>>  http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>    Amos
>>>>>>>>>>>    --    Please be using
>>>>>>>>>>>     Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>>>>>>>>>>     Current Beta Squid 3.1.0.13
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Amos,
>>>>>>>>>>>
>>>>>>>>>>> Thanks for the reply.
>>>>>>>>>>>
>>>>>>>>>>> I read the documentation, and it says, "
>>>>>>>>>>>
>>>>>>>>>>> As Samba-3.x has it's own authentication helper there is no need to build
>>>>>>>>>>> any of the Squid authentication helpers for use with Samba-3.x (and the
>>>>>>>>>>> helpers provided by Squid won't work if you do). You do however need to
>>>>>>>>>>> enable support for the NTLM scheme if you plan on using this. Also you may
>>>>>>>>>>> want to use the wbinfo_group helper for group lookups
>>>>>>>>>>>
>>>>>>>>>>> --enable-auth="ntlm,basic"
>>>>>>>>>>> --enable-external-acl-helpers="wbinfo_group"
>>>>>>>>>>>
>>>>>>>>>>> Does this mean that squid has to be compiled with the above options?  I
>>>>>>>>>>> am sorry if this sounds very basic. Also, my requirement: I should be able
>>>>>>>>>>> to restrict a few samba users from accessing the internet at
>>>>>>>>>>> certain times and not necessary authentication.  Will the above options
>>>>>>>>>>> help?
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Avinash
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> The Squid packages available for Ubuntu already have those helpers built-in
>>>>>>>>>> and installed along with the package. All you need is the configuration file
>>>>>>>>>> changes.
>>>>>>>>>>
>>>>>>>>>> If you are building your own Squid from raw source code, you may need to add
>>>>>>>>>> them.
>>>>>>>>>>
>>>>>>>>>> For someone who does not know the very basics I would seriously advise
>>>>>>>>>> staying with the pre-packaged versions of Squid until you know what you are
>>>>>>>>>> doing.
>>>>>>>>>>  -->  apt-get install squid
>>>>>>>>>>
>>>>>>>>>> Then change the /etc/squid.conf file as needed.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Amos
>>>>>>>>>> --
>>>>>>>>>> Please be using
>>>>>>>>>>  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>>>>>>>>>  Current Beta Squid 3.1.0.13
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
Received on Tue Aug 18 2009 - 05:29:11 MDT
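
Added example, not part of the thread or of the Squid documentation: a squid.conf fragment of the kind Amos refers to when he says only configuration file changes are needed, using Samba's ntlm_auth helper and a time ACL for the per-user restriction Avinash asks about. The helper path is the one used in the thread; the user names, schedule, realm text and child counts are assumptions.

```conf
# Added example. Assumed values: user names, hours, realm, child counts.

# NTLM for the domain-joined WinXP browsers; winbindd answers the helper.
# The account Squid runs as must be allowed into winbindd's
# winbindd_privileged directory, or this helper cannot validate logins.
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5

# Basic fallback for clients that cannot do NTLM; this is the helper mode
# tested by hand in the thread. Basic credentials cross the wire
# base64-encoded, not encrypted.
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy
auth_param basic credentialsttl 2 hours

# Any user the helper accepts.
acl domain_users proxy_auth REQUIRED

# Hypothetical accounts to restrict. The names must match what the helper
# reports to Squid, which may carry a DOMAIN\ prefix depending on
# "winbind use default domain" in smb.conf.
acl limited_users proxy_auth user1 user2

# Monday to Friday, 09:00-17:00 local time.
acl office_hours time MTWHF 09:00-17:00

# The first matching http_access line wins, so the deny comes first.
# Restricting by user name requires authentication: Squid has no other
# way to know which Samba user sent the request.
http_access deny limited_users office_hours
http_access allow domain_users
http_access deny all
```

Running `squid -k parse` after editing reports syntax errors in the file before the running proxy is reconfigured.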

This archive was generated by hypermail 2.2.0 : Tue Aug 18 2009 - 12:00:03 MDT