AW: [squid-users] Problems with Group detection with ADS

From: Puschmann, Sven <Sven.Puschmann_at_haevg-rz.de>
Date: Wed, 21 May 2014 08:38:49 +0000

Hi Amos,

Sanba/Winbind Version: Version 3.6.6 (from Debian APT Sources)
Squid Version: 3.1.20 (from Debian APT-Sources)
Both are the Same Version.

There are 2 Domains with mixed Subnets, the Proxyservers have unique Names and IP Addresses and are both Resolved via DNS Correctly.

The New Proxy Server has nothing to do with the running one, it's a newly installed, separate System.

The New Proxy displays with wbinfo -u only the User from his Domain, the running Proxy also (for his own domain).

The Output of wbinfo_group.pl with your Suggestion:
===========================
echo "user.name@<DOMAIN NAME> pxy-standard" | /usr/lib/squid3/wbinfo_group.pl
failed to call wbcGetGroups: WBC_ERR_DOMAIN_NOT_FOUND
Could not get groups for user user.name@<DOMAIN NAME>
ERR

echo "user.name@<DOMAIN-FQDN>.<DOMAIN-TLD> pxy-standard" | /usr/lib/squid3/wbinfo_group.pl
failed to call wbcGetGroups: WBC_ERR_DOMAIN_NOT_FOUND
Could not get groups for user user.name@<DOMAIN-FQDN>.<DOMAIN-TLD>
ERR
===========================

Same output on the running Proxy (with a User from his Domain)

Greetings
Sven Puschmann

-----Ursprüngliche Nachricht-----
Von: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Gesendet: Mittwoch, 21. Mai 2014 10:22
An: squid-users_at_squid-cache.org
Betreff: Re: [squid-users] Problems with Group detection with ADS

So NTLM and Basic user names work.

How about Kerberos credentials? (user.name_at_DOMAIN-NAME)

> Has anybody an Idea what might be the Problem? I'm really confused about the Situation that it's okay via IP-Address and not okay via DNS Name. The DNS Resolution is in function (fromm any Client)
>

* Squid version(s)?

* Samba version?

* is there anything different about the IPs the proxy hostname resolves
to on each site?

* are the Kerberos keytabs for proxy by-hostname correctly installed on
the clients machine in the new location?
 - compare the sets available to users at each location and see if there
is a difference.

Amos
Received on Wed May 21 2014 - 08:39:03 MDT

This archive was generated by hypermail 2.2.0 : Wed May 21 2014 - 12:00:05 MDT