David, it did not work. Any suggestion?

Victor Medina

Samuel Goldwyn - "I don't think anyone should write their autobiography until after they're dead."

On Wed, Apr 1, 2009 at 12:13 PM, David Wells <[email protected]> wrote:
> Victor Medina wrote:
>>
>> Hi Guys!
>>
>> Probably this is not the best place to ask, I'll try anyway... =)
>>
>> I've been trying to configure a Samba PDC and a Squid Proxy server
>> with NTLM auth on the same machine but NTLM_AUTH keeps complaining
>> about: NT_STATUS_INVALID_HANDLE.... I have other machines running
>> Squid and Authenticating against a Samba Server but on different
>> machines, this is the first time I try both on the same machine.
>>
>> Can I use Squid+NTLM Auth and Samba configured as PDC on the same
>> machine? Is there any winbind issue with this kind of configuration?
>>
>> I'm using SLES10+SP2
>> Samba version as reported by rpm is 3.0.32-0.8
>> Squid version as reported by rpm is 2.5.STABLE12-18.13
>>
>> -------------------------------------------------
>> This is my smb.conf
>>
>> [global]
>>     dos charset = 850
>>     unix charset = ISO8859-1
>>     workgroup = C1.SV
>>     netbios name = PDCSRVC1SV
>>     server string =
>>     interfaces = eth0
>>     bind interfaces only = Yes
>>     map to guest = Bad Password
>>     passdb backend = ldapsam:ldap://127.0.0.1
>>     guest account = Invitado
>>     time server = Yes
>>     deadtime = 20
>>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>     printcap name = cups
>>     logon path =
>>     logon home =
>>     domain logons = Yes
>>     os level = 65
>>     preferred master = Yes
>>     domain master = Yes
>>     wins support = Yes
>>     ldap admin dn = cn=Administrador,o=Ferreteria EPA
>>     ldap delete dn = Yes
>>     ldap group suffix = ou=group
>>     ldap machine suffix = ou=people
>>     ldap passwd sync = Yes
>>     ldap suffix = ou=c1,c=sv,o=Ferreteria EPA
>>     ldap user suffix = ou=people
>>     idmap domains = DEFAULT
>>     idmap alloc backend = ldap
>>     idmap alloc config:range = 10000-100000
>>     idmap alloc config:ldap_url = ldap://127.0.0.1
>>     idmap alloc config:ldap_user_dn = cn=Administrador,o=Ferreteria EPA
>>     idmap alloc config:ldap_base_dn = ou=idmap,ou=c1,c=sv,o=Ferreteria EPA
>>     idmap config DEFAULT:range = 10000-100000
>>     idmap config DEFAULT:ldap_url = ldap://127.0.0.1
>>     idmap config DEFAULT:ldap_user_dn = cn=Administrador,o=Ferreteria EPA
>>     idmap config DEFAULT:ldap_base_dn = ou=idmap,ou=c1,c=sv,o=Ferreteria EPA
>>     idmap config DEFAULT:default = yes
>>     idmap config DEFAULT:readonly = no
>>     idmap config DEFAULT:backend = ldap
>>     ldapsam:editposix = yes
>>     ldapsam:trusted = yes
>>     create mask = 0640
>>     force create mode = 0640
>>     directory mask = 0750
>>     force directory mode = 0750
>>     case sensitive = No
>>     dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
>>
>> My relevant squid.conf lines...
>>
>> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp C1.SV/PDCSRVC1SV
>> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic C1.SV/PDCSRVC1SV
>> auth_param ntlm children 100
>> auth_param basic children 100
>> auth_param basic realm Squid proxy-caching web server
>> auth_param basic credentialsttl 2 hours
>>
>> The pdc works as expected, machine join works like a charm, users and
>> groups management works equally right, all accounts are placed in the
>> LDAP, getent passwd, groups and shadow shows the ldap accounts
>>
>> I also did a few tests with wbinfo
>>
>> e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo -u
>> invitado
>> usuarioprueba
>> e01ggen
>> e01glogis
>> e01gcont
>> e01jcomp1
>> e01jcomp2
>> e01jcomp3
>> e01jcomp4
>> e01jrepo
>> e01jreclu
>> e01rrece
>> e01gcom
>> e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo -g
>> BUILTIN
>> BUILTIN
>> domain users
>> domain admins
>> domain guests
>> grupoprueba
>> gcentralsv
>> gcompras
>> gcontrol
>> ggerencia
>> glogistica
>> gmercadeo
>> gpersonal
>> gventas
>> gjefecompras
>> gjefecontrol
>> gjefelogistica
>> gjefepersonal
>> e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo --all-domains
>> C1.SV
>>
>> I also made sure squid users can read /var/lib/samba/winbindd_privileged
>>
>> I also noted this error:
>>
>> e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo --authenticate=administrator%12345678
>> plaintext password authentication failed
>> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
>> error messsage was: No such user
>> Could not authenticate user administrator%12345678 with plaintext password
>> winbind separator was NULL!
>> challenge/response password authentication failed
>> error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
>> error messsage was: Invalid handle
>> Could not authenticate user administrator with challenge/response
>>
>> Does someone have any idea of what could go wrong? When I use squid and
>> samba on different machines I usually join the squid machine to the
>> domain using a net join, is this necessary when the pdc and squid are
>> on the same machine?
>>
>> Victor Medina
>>
>> Samuel Goldwyn - "I don't think anyone should write their
>> autobiography until after they're dead."
>>
>
> I think you should add lo to the interfaces listed in smb.conf
>
> Best regards, David Wells.
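
The loopback check David suggests, written out as an added example that is not part of the thread: a small Python script that reads the [global] section of an smb.conf and reports whether 127.0.0.1 is covered when bind interfaces only is on. The function names and the sample text are constructed here (the sample reuses three lines from the posted smb.conf), and the script assumes the Linux loopback interface name lo.

```python
import fnmatch
import ipaddress

# Constructed sample: three [global] lines taken from the posted smb.conf.
POSTED = """
[global]
    workgroup = C1.SV
    interfaces = eth0
    bind interfaces only = Yes
"""

def parse_global(text):
    """Return the [global] parameters of smb.conf text as a dict."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # a trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names ignore case and whitespace.
            params["".join(key.lower().split())] = value.strip()
    return params

def covers_loopback(item):
    """True if one interfaces entry (name, glob, IP or IP/mask) includes 127.0.0.1."""
    try:
        net = ipaddress.ip_network(item, strict=False)
        return ipaddress.ip_address("127.0.0.1") in net
    except ValueError:
        return fnmatch.fnmatch("lo", item)  # assumes the Linux loopback name "lo"

def check_loopback(conf_text):
    """Return (ok, message) for the loopback check David suggests."""
    g = parse_global(conf_text)
    if g.get("bindinterfacesonly", "no").lower() not in ("yes", "true", "1"):
        return True, "bind interfaces only is off"
    items = g.get("interfaces", "").replace(",", " ").split()
    if any(covers_loopback(i) for i in items):
        return True, "loopback is covered by: " + " ".join(items)
    return False, "bind interfaces only is on, interfaces lacks lo/127.0.0.1: " + " ".join(items)

if __name__ == "__main__":
    print(check_loopback(POSTED))
    print(check_loopback(POSTED.replace("eth0", "eth0 lo")))
```
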
