Re: [squid-users] Join Squid to Windows Domain Controller : Configuring Squid for NTLM with Winbind Authentication on CentOS 5

From: Edouard Zorrilla <ezorrilla_at_tsf.com.pe>
Date: Wed, 16 Jun 2010 11:32:57 -0700

Hi,

I keep getting this error when I try to authenticate against a Windows
domain controller:

=====================================================================
ezorrilla's password:
[2010/06/16 11:32:35, 0] libads/kerberos.c:ads_kinit_password(228)
  kerberos_kinit_password ezorrilla_at_STO.DA.COM failed: Client not found in
Kerberos database
Failed to join domain: Improperly formed account name
ADS join did not work, falling back to RPC...
Could not connect to server dfgstrad01.stores.dfg.com
The username or password was not correct.
Could not connect to server dfgstrad01.stores.dfg.com
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

Shutting down Winbind services: [ OK ]
Starting Winbind services: [ OK ]
[root_at_nmmsquid samba]#
=====================================================================

Do you know what could be the issue here?

Thanks.

----- Original Message -----
From: "Murilo Moreira de Oliveira" <murilo.moreira_at_gmail.com>
To: "Edouard Zorrilla" <ezorrilla_at_tsf.com.pe>
Cc: <squid-users_at_squid-cache.org>
Sent: Tuesday, June 15, 2010 7:05 AM
Subject: Re: [squid-users] Join Squid to Windows Domain Controller :
Configuring Squid for NTLM with Winbind Authentication on CentOS 5

Hello. Below are the steps I've used to get NTLM authentication working.

1. # yum -y install authconfig krb5-workstation samba-common

2. [root_at_proxyweb ~]# authconfig --enableshadow --enablemd5 \
   --passalgo=md5 --krb5kdc=AD_SERVER.YOUR.FULL.DOMAIN \
   --krb5realm=YOUR.FULL.DOMAIN --smbservers=AD_SERVER.YOUR.FULL.DOMAIN \
   --smbworkgroup=YOUR_AD_GROUP --enablewinbind --enablewinbindauth \
   --smbsecurity=ads --smbrealm=YOUR.FULL.DOMAIN \
   --smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431" \
   --winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain \
   --disablewinbindoffline --winbindjoin=SOME_DOMAIN_ADMIN --disablewins \
   --disablecache --enablelocauthorize --updateall

3. # wbinfo --set-auth-user=YOUR_PROXY_USER%YOUR_PROXY_USER_PASSWORD
   This is the user that the proxy will use to validate users' credentials.

4. # chown root:squid /var/cache/samba/winbindd_privileged

2010/6/14 Edouard Zorrilla <ezorrilla_at_tsf.com.pe>:
> Hi Guys,
>
> Did anyone make it work?
>
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/NtlmCentOS5
>
> # authconfig --enableshadow --enablemd5 --passalgo=md5 --krb5kdc=ads.example.local \
> --krb5realm=EXAMPLE.LOCAL --smbservers=ads.example.local --smbworkgroup=EXAMPLE \
> --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=EXAMPLE.LOCAL \
> --smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431" --winbindseparator="+" \
> --winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain --disablewinbindoffline \
> --winbindjoin=Administrator --disablewins --disablecache --enablelocauthorize --updateall
>
> I just want to authenticate against a Windows Domain Controller but no
> luck yet. Could someone give me some advice on how I can do that? Maybe
> I am going down the wrong path; I want to use NTLM since, as far as I
> have seen, this is the best way I can do that.
>
> The error that I get is:
>
> [2010/06/14 16:39:42, 0] libads/kerberos.c:ads_kinit_password(228)
> kerberos_kinit_password user_at_abc.xyz.COM failed: Client not found in
> Kerberos database
>
> Any help would be greatly appreciated.
>
> Thanks.
>
>
>
Received on Wed Jun 16 2010 - 18:35:39 MDT
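
Step 4 in the reply above gives the squid group access to the winbindd_privileged directory. The following is an added example, not part of the original thread, that checks the directory ends up with the intended owner, group and mode and is not reachable by other users. The function name check_priv_dir and the expected mode 750 are assumptions, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): verify ownership and mode of the
# winbindd_privileged directory after "chown root:squid" (step 4).
# Usage: check_priv_dir DIR OWNER GROUP [MODE]
# Returns 0 if everything matches, 1 on any mismatch, 2 if DIR is missing.
check_priv_dir() {
    dir=$1
    want_owner=$2
    want_group=$3
    want_mode=${4:-750}   # assumption: owner rwx, group r-x, others nothing

    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory"
        return 2
    fi

    # GNU coreutils stat: %U owner name, %G group name, %a octal mode
    owner=$(stat -c %U "$dir")
    group=$(stat -c %G "$dir")
    mode=$(stat -c %a "$dir")
    rc=0

    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER: $dir is owned by $owner, expected $want_owner"
        rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "GROUP: $dir has group $group, expected $want_group"
        rc=1
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "MODE: $dir has mode $mode, expected $want_mode"
        rc=1
    fi
    # Any non-zero last octal digit means users outside the group can get in.
    case $mode in
        *[1-7]) echo "WORLD: $dir is accessible to other users"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $dir $owner:$group $mode"
    return "$rc"
}

# Path and names taken from step 4; only runs where the directory exists.
if [ -d /var/cache/samba/winbindd_privileged ]; then
    check_priv_dir /var/cache/samba/winbindd_privileged root squid || true
fi
```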

This archive was generated by hypermail 2.2.0 : Thu Jun 17 2010 - 12:00:03 MDT