Thanks for that, I'll give it a go when I get a chance.
It looks like the approach of defining a winbindd_privileged group is fine then.

----------
Jim Barber
DDI Health


Luca Maranzano wrote:
Hi,

Issue: permissions on /var/run/samba/winbindd_privileged/ and /usr/bin/ntlm_auth for Squid

I've faced this issue on my Debian 4.0 with winbind 3.0.24 and Squid 2.6.12 from testing.

I've solved it this way:

- added the proxy user to the winbindd_privileged group
- in /etc/squid/squid.conf, set "cache_effective_user proxy" but NOT "cache_effective_group proxy", since from the documentation of Squid:

#  TAG: cache_effective_group
#       If you want Squid to run with a specific GID regardless of
#       the group memberships of the effective user then set this
#       to the group (or GID) you want Squid to run as. When set
#       all other group privileges of the effective user is ignored
#       and only this GID is effective. If Squid is not started as
#       root the user starting Squid must be member of the specified
#       group.
# cache_effective_group proxy

So if you set this option, the Squid process will lose its supplementary groups and will not have access to winbindd_privileged.

HTH.
Cheers,
Luca
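
The configuration described in this thread can be checked with a short script. This is an added example, not part of the original messages: the function names are hypothetical, the sample files are constructed, and only the directive names, the proxy user and the winbindd_privileged group come from the thread.

```shell
#!/bin/sh
# Added example: verify that Squid's effective user keeps the supplementary
# group winbindd_privileged. Function names are hypothetical.

# Print the value of the last active (uncommented) occurrence of a directive.
squid_directive() {  # $1 = squid.conf path, $2 = directive name
    awk -v d="$2" '$1 == d { v = $2 } END { if (v != "") print v }' "$1"
}

# Succeed if user $2 is listed as a member of group $3 in group file $1.
in_group() {
    awk -F: -v u="$2" -v g="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$1"
}

# Return 0 only when the setup matches what the thread describes.
check_squid_winbind() {  # $1 = squid.conf, $2 = group file
    user=$(squid_directive "$1" cache_effective_user)
    egroup=$(squid_directive "$1" cache_effective_group)
    rc=0
    if [ -z "$user" ]; then
        echo "FAIL: cache_effective_user is not set explicitly"; return 1
    fi
    if ! in_group "$2" "$user" winbindd_privileged; then
        echo "FAIL: $user is not a member of winbindd_privileged"; rc=1
    fi
    if [ -n "$egroup" ]; then
        echo "FAIL: cache_effective_group $egroup is set, supplementary groups are ignored"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $user keeps winbindd_privileged"
    return "$rc"
}

# Constructed sample input (not real system files).
tmp=$(mktemp -d)
printf '%s\n' 'proxy:x:13:' 'winbindd_privileged:x:110:proxy' > "$tmp/group"
printf '%s\n' 'cache_effective_user proxy' '# cache_effective_group proxy' > "$tmp/good.conf"
printf '%s\n' 'cache_effective_user proxy' 'cache_effective_group proxy' > "$tmp/bad.conf"
check_squid_winbind "$tmp/good.conf" "$tmp/group"
check_squid_winbind "$tmp/bad.conf" "$tmp/group" || true
rm -rf "$tmp"
```

On a real host the arguments would be /etc/squid/squid.conf and /etc/group. The membership check reads only the group file it is given, so groups supplied by another name service are not seen.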

