[squid-users] Re: Again with winbindd_privileged, sometimes "Ensure permissions on /var/db/samba/winbindd_privileged are set correctly"

From: c0re <nr1c0re_at_gmail.com>
Date: Fri, 3 Sep 2010 15:54:48 +0400

I found a strange solution:
stop squid & winbind
rm -rf /var/db/samba/winbindd_privileged
start winbind
chown :squid /var/db/samba/winbindd_privileged

And the problem disappeared.

2010/9/1 c0re <nr1c0re_at_gmail.com>:
> Hello squid users!
>
> I've got squid+winbind ntlm auth.
> But sometimes I see this in the log /var/log/samba/log.winbindd:
>
> [2010/09/01 12:39:11,  2] winbindd/winbindd_pam.c:winbindd_pam_auth_crap(1754)
>   winbindd_pam_auth_crap: non-privileged access denied.  !
>   winbindd_pam_auth_crap: Ensure permissions on /var/db/samba/winbindd_privileged are set correctly.
>
> About 1k users.
> Sometimes some users see a proxy auth window asking for credentials in IE6.
> The user can just press ESC without entering any credentials, and all goes OK.
> That window means that some ntlm auth problem occurs.
> In the log I see only the message above about winbindd_privileged.
>
> freebsd 7.3
> squid 3.1.7
> samba-3.3.10
>
> In squid.conf
> no cache_effective_group option configured
> auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 150
>
> Using cachemgr.cgi and looking at "NTLM User Authenticator Stats" I
> see that only 32 redirectors have changed "# Request" counters, which means
> that not all 150 redirectors are used, so it's not a redirector problem.
>
> # ls -l /var/db/samba/ | grep winbindd_privileged
> drwxrwx---  2 root  squid     512 Aug 22 13:58 winbindd_privileged
>
> # ls -l /var/db/samba/winbindd_privileged/
> srwxrwxrwx  1 root  squid  0 Aug 22 13:58 pipe
>
> What can be wrong? If the permissions were incorrect, no one could auth
> via ntlm, but all users can authorize and browse the internet. I can't
> find why that auth window sometimes appears and why that message
> about "permissions" appears in the log.
>
> Thanks in advance!
>
Received on Fri Sep 03 2010 - 11:54:55 MDT
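
The fix in this thread ends with `chown :squid` on the recreated directory. The following check is an added example, not part of the original messages; the function names `eval_listing` and `check_priv_dir` are hypothetical. It judges an `ls -ld` line under an assumed policy: the directory's group is the helper's group, that group can enter the directory, and other users have no access.

```shell
#!/bin/sh
# Added example: judge one `ls -ld` line for winbindd_privileged.
# Policy assumed here: the directory's group is the helper's group, that
# group has search (x) permission, and "other" has no access at all.

# eval_listing LINE GROUP -> prints a verdict, returns 0 only on a pass.
eval_listing() {
    line=$1
    want=$2
    set -f                      # no globbing while splitting the line
    set -- $line                # fields: mode links owner group ...
    set +f
    mode=$1 owner=$3 group=$4
    grp_x=$(printf '%s' "$mode" | cut -c7)
    other=$(printf '%s' "$mode" | cut -c8-10)
    case $mode in
        d*) ;;
        *) echo "FAIL: not a directory listing"; return 1 ;;
    esac
    if [ "$group" != "$want" ]; then
        echo "FAIL: group is '$group', expected '$want'"; return 1
    fi
    case $grp_x in
        x|s) ;;                 # s = setgid with execute
        *) echo "FAIL: group '$want' cannot enter the directory"; return 1 ;;
    esac
    if [ "$other" != "---" ]; then
        echo "FAIL: open to other users ($other)"; return 1
    fi
    echo "OK: $owner:$group $mode"
}

# check_priv_dir DIR GROUP -> same verdict for a directory on disk.
check_priv_dir() {
    [ -d "$1" ] || { echo "FAIL: $1 does not exist"; return 2; }
    eval_listing "$(ls -ld "$1")" "$2"
}

# Constructed input: the listing quoted in the post, then a made-up
# listing with a different group, as it would look before the chown step.
eval_listing 'drwxrwx---  2 root  squid  512 Aug 22 13:58 winbindd_privileged' squid
eval_listing 'drwxr-x---  2 root  wheel  512 Sep  3 15:50 winbindd_privileged' squid || true
# Live system: check_priv_dir /var/db/samba/winbindd_privileged squid
```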
