Re: [squid-users] Re: Squid 3.1 and winbind 3.4.7 permissions issue on winbindd_privileged from Go Wow on 2011-03-18 (squid-users)

From: Go Wow <gowows_at_gmail.com>
Date: Fri, 18 Mar 2011 20:04:58 +0400

Winbind works properly , my bad I was issuing sudo wbinfo -a
<username> where it should been sudo wbinfo -a domain\\username

Thanks for help.

Regard

On 18 March 2011 19:22, Go Wow <gowows_at_gmail.com> wrote:
> After issuing the command gpasswd -a proxy winbindd_priv
>
> wbinfo -a <username> returns sucess for challenge/response but not for
> plain text. No error given
>
> sudo wbinfo -a this.user
> Enter this.user's password:
> plaintext password authentication failed
> Could not authenticate user this.user with plaintext password
> Enter this.user's password:
> challenge/response password authentication succeeded
>
> No error info in winbind log as well.
>
>
> Regards
>
>
>
>
> On 18 March 2011 17:14, Go Wow <gowows_at_gmail.com> wrote:
>> Thanks Amos.
>>
>> I was going to try with cache_effective_user setting in squid.conf but
>> I will try this config first.
>>
>> Will update you guys.
>>
>>
>> Regards
>>
>> On 18 March 2011 17:06, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>>> On 19/03/11 00:15, Go Wow wrote:
>>>>
>>>> There is a script in /etc/init.d/winbind I tried editing it but still
>>>> no luck. I check /etc/init.d/smbd but there is no mentioning about
>>>> winbind.
>>>>
>>>> On 18 March 2011 15:02, Alex Crow wrote:
>>>>>
>>>>> On 18/03/11 10:47, Go Wow wrote:
>>>>>>
>>>>>> Just to kill my curiosity and resolve the issue I added proxy and root
>>>>>> user to winbindd_priv group as well. But still damn winbind wont
>>>>>> start.
>>>>>>
>>>>>>
>>>>>> Regards
>>>>>
>>>>> Check /etc/init.d/winbind (or /etc/init.d/samba if you don't have
>>>>> separate
>>>>> scripts for winbind) to make sure it does not set permissions on the
>>>>> directory.
>>>>>
>>>>> Some distributions seem to do this, I think it might even be in upstream
>>>>> Samba. Just comment it out if it's doing it - it seems a stupid think to
>>>>> put
>>>>> in an init script to me.
>>>>>
>>>>> Cheers
>>>>>
>>>>> Alex
>>>>>
>>>>>
>>>
>>> The correct configuration is detailed here:
>>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm#winbind_privileged_pipe_permissions
>>>
>>> One major gotcha:
>>> RHEL and a few other OS patch a hard-coded value for this directive. So
>>> that removing it from config still fails. In that case a full re-build
>>> without the distro patch is required.
>>>
>>> Amos
>>> --
>>> Please be using
>>> Current Stable Squid 2.7.STABLE9 or 3.1.11
>>> Beta testers wanted for 3.2.0.5
>>>
>>
>
Received on Fri Mar 18 2011 - 16:05:06 MDT

This archive was generated by hypermail 2.2.0 : Fri Mar 18 2011 - 12:00:03 MDT