Re: [squid-users] Join Squid to Windows Domain Controller : Configuring Squid for NTLM with Winbind Authentication on CentOS 5

From: Edouard Zorrilla <ezorrilla_at_tsf.com.pe>
Date: Wed, 16 Jun 2010 17:11:59 -0700

I have followed these steps and I keep getting this error:

============================================
Password:
[2010/06/16 16:25:28, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(367)
  Error in domain join verification (credential setup failed):
NT_STATUS_NOT_SUPPORTED

Unable to join domain EXCH02.

Shutting down Winbind services: [ OK ]
Starting Winbind services: [ OK ]
[root@squid squid]#
============================================

Could anyone let me know what I am missing?

Thanks

----- Original Message -----
From: "Murilo Moreira de Oliveira" <murilo.moreira_at_gmail.com>
To: "Edouard Zorrilla" <ezorrilla_at_tsf.com.pe>
Cc: <squid-users_at_squid-cache.org>
Sent: Tuesday, June 15, 2010 7:05 AM
Subject: Re: [squid-users] Join Squid to Windows Domain Controller :
Configuring Squid for NTLM with Winbind Authentication on CentOS 5

Hello. Below are the steps I've used to get NTLM authentication working.

1. # yum -y install authconfig krb5-workstation samba-common

2. [root@proxyweb ~]# authconfig --enableshadow --enablemd5 \
   --passalgo=md5 --krb5kdc=AD_SERVER.YOUR.FULL.DOMAIN \
   --krb5realm=YOUR.FULL.DOMAIN --smbservers=AD_SERVER.YOUR.FULL.DOMAIN \
   --smbworkgroup=YOUR_AD_GROUP --enablewinbind --enablewinbindauth \
   --smbsecurity=ads --smbrealm=YOUR.FULL.DOMAIN \
   --smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431" \
   --winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain \
   --disablewinbindoffline --winbindjoin=SOME_DOMAIN_ADMIN --disablewins \
   --disablecache --enablelocauthorize --updateall

3. # wbinfo --set-auth-user=YOUR_PROXY_USER%YOUR_PROXY_USER_PASSWORD
   This is the user that the proxy will use to validate users' credentials.

4. # chown root:squid /var/cache/samba/winbindd_privileged

2010/6/14 Edouard Zorrilla <ezorrilla_at_tsf.com.pe>:
> Hi Guys,
>
> Did anyone make it work?
>
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/NtlmCentOS5
>
> # authconfig --enableshadow --enablemd5 --passalgo=md5 --krb5kdc=ads.example.local \
> --krb5realm=EXAMPLE.LOCAL --smbservers=ads.example.local --smbworkgroup=EXAMPLE \
> --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=EXAMPLE.LOCAL \
> --smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431" --winbindseparator="+" \
> --winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain --disablewinbindoffline \
> --winbindjoin=Administrator --disablewins --disablecache --enablelocauthorize --updateall
>
> I just want to authenticate against a Windows Domain Controller but no
> luck yet. Could someone give me some advice on how I can do that? Maybe I
> am going down the wrong path. I want to use NTLM since, as far as I have
> seen, this is the best way I can do that.
>
> The error that I get is:
>
> [2010/06/14 16:39:42, 0] libads/kerberos.c:ads_kinit_password(228)
> kerberos_kinit_password user@abc.xyz.COM failed: Client not found in
> Kerberos database
>
> Any help would be greatly appreciated.
>
> Thanks,
Received on Thu Jun 17 2010 - 00:14:37 MDT
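
The script below checks the outcome of steps 2 and 4 quoted above. It is an added example, not part of either poster's message or of the Squid wiki page. The directory and the squid group come from step 4; the function names, the `--run` switch and the expectation that the directory stays root-owned with mode 750 are assumptions of this example.

```shell
#!/bin/sh
# Added example: post-join checks for the steps quoted in this thread.
# Function names are hypothetical; stat -c needs GNU coreutils (CentOS has it).

# check_priv_dir DIR [OWNER] [GROUP]
# Succeeds only if DIR belongs to OWNER:GROUP with mode exactly 750, so the
# proxy's group can reach the winbindd pipe and every other account cannot.
# Assumption: 750 is the mode Samba gives this directory and should be kept.
check_priv_dir() {
    dir=$1
    want_owner=${2:-root}
    want_group=${3:-squid}
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }
    owner=$(stat -c %U "$dir")
    group=$(stat -c %G "$dir")
    mode=$(stat -c %a "$dir")
    rc=0
    [ "$owner" = "$want_owner" ] || { echo "$dir: owner $owner, want $want_owner" >&2; rc=1; }
    [ "$group" = "$want_group" ] || { echo "$dir: group $group, want $want_group" >&2; rc=1; }
    [ "$mode" = "750" ] || { echo "$dir: mode $mode, want 750" >&2; rc=1; }
    return $rc
}

# verify_join: confirm the domain join from step 2 before pointing Squid at
# winbind. Stops at the first failing check.
verify_join() {
    wbinfo -p        || { echo "winbindd is not answering" >&2; return 1; }
    wbinfo -t        || { echo "machine account secret check failed" >&2; return 1; }
    net ads testjoin || { echo "AD join is not valid" >&2; return 1; }
}

# Run the live checks only on request: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    verify_join && check_priv_dir /var/cache/samba/winbindd_privileged
fi
```

A non-zero exit from `check_priv_dir` after step 4 means the ownership or mode of the directory differs from what the step intends; the messages on stderr say which attribute is off.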
