Re: [squid-users] Re: Squid 3.1 and winbind 3.4.7 permissions issue on winbindd_privileged from Go Wow on 2011-03-18 (squid-users)

From: Go Wow <gowows_at_gmail.com>
Date: Fri, 18 Mar 2011 19:22:43 +0400

After issuing the command gpasswd -a proxy winbindd_priv

wbinfo -a <username> returns sucess for challenge/response but not for
plain text. No error given

sudo wbinfo -a this.user
Enter this.user's password:
plaintext password authentication failed
Could not authenticate user this.user with plaintext password
Enter this.user's password:
challenge/response password authentication succeeded

No error info in winbind log as well.

Regards

On 18 March 2011 17:14, Go Wow <gowows_at_gmail.com> wrote:
> Thanks Amos.
>
> I was going to try with cache_effective_user setting in squid.conf but
> I will try this config first.
>
> Will update you guys.
>
>
> Regards
>
> On 18 March 2011 17:06, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> On 19/03/11 00:15, Go Wow wrote:
>>>
>>> There is a script in /etc/init.d/winbind I tried editing it but still
>>> no luck. I check /etc/init.d/smbd but there is no mentioning about
>>> winbind.
>>>
>>> On 18 March 2011 15:02, Alex Crow wrote:
>>>>
>>>> On 18/03/11 10:47, Go Wow wrote:
>>>>>
>>>>> Just to kill my curiosity and resolve the issue I added proxy and root
>>>>> user to winbindd_priv group as well. But still damn winbind wont
>>>>> start.
>>>>>
>>>>>
>>>>> Regards
>>>>
>>>> Check /etc/init.d/winbind (or /etc/init.d/samba if you don't have
>>>> separate
>>>> scripts for winbind) to make sure it does not set permissions on the
>>>> directory.
>>>>
>>>> Some distributions seem to do this, I think it might even be in upstream
>>>> Samba. Just comment it out if it's doing it - it seems a stupid think to
>>>> put
>>>> in an init script to me.
>>>>
>>>> Cheers
>>>>
>>>> Alex
>>>>
>>>>
>>
>> The correct configuration is detailed here:
>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm#winbind_privileged_pipe_permissions
>>
>> One major gotcha:
>> RHEL and a few other OS patch a hard-coded value for this directive. So
>> that removing it from config still fails. In that case a full re-build
>> without the distro patch is required.
>>
>> Amos
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE9 or 3.1.11
>> Beta testers wanted for 3.2.0.5
>>
>
Received on Fri Mar 18 2011 - 15:22:51 MDT

This archive was generated by hypermail 2.2.0 : Fri Mar 18 2011 - 12:00:03 MDT