On Wed, 2005-11-02 at 17:03 +0100, Henrik Nordstrom wrote: > On Wed, 2 Nov 2005, Serassio Guido wrote: > > >> > Unable to open tdb '/usr/local/samba/private/secrets.ldb' > >> > Failed to connect to '/usr/local/samba/private/secrets.ldb' > >> > Could not open secrets.ldb > >> > >> This sounds stupid, but you will need to either run Squid as root, or > >> give world access to secrets.ldb. > >> > >> This will change before release... > > > > OK, I will do a try. > > With the new group settings in Squid it should be sufficient to just > create a "samba" group and have /usr/local/samba/private/ owned by that > group, with your Squid cache_effective_user as member of the group.. > > Similar to the permission problem of the winbind privileged pipe.
As a longer-term option I'm considering either having ntlm_auth use it's own keytab, or having it submit the whole exchange to winbindd for verification, much as it does for NTLM in Samba3. In many ways it will be a trade-off between a complex and more secure solution and a simpler but faster solution. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
