Здравейте ;)
Server1:
Дистро - CentOS release 4.4 (Final)
PDC - Samba Version 3.0.24
Server2:
Дистро - Fedora Core release 4
Samba Version 3.0.23a-1.fc4.1 (security = domain)
squid-2.5.STABLE13-1.FC4 - --with-winbind-auth-challenge,
--enable-ntlm-auth-helpers=SMB winbind, и т.н
Целта ми е да потребителите на домейна PDC да се
аутентикират към проксито посредством ntlm winbind.
Join-ах самбата на сервер2 към PDC-то, всичко ок без
проблем
wbinfo -t
checking the trust secret via RPC calls succeeded
wbinfo -g;-u , също ОК!
Ето и малка извадка от squid.conf
.....
#-----------Auth with NTLM --------------------------------
auth_param ntlm program /usr/lib/squid/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off
external_acl_type nt_group ttl=0 concurrency=5 %LOGIN
/usr/lib/squid/wbinfo_group.pl
.....
.....
acl podai_parola proxy_auth REQUIRED
......
#end conf file
Разбира се промених и правата на
/var/lib/samba/winbindd_privileged/ , както пише в HOWTO-то
drwxr-x--- 2 root squid 4096 Sep 20 10:48
winbindd_privileged
Пускам squid-a ръчно
squid -d5
и получавам следния резултат
2007/02/09 12:52:40| Starting Squid Cache version
2.5.STABLE13 for i386-redhat-linux-gnu...
2007/02/09 12:52:40| Process ID 12761
2007/02/09 12:52:40| With 1024 file descriptors available
2007/02/09 12:52:40| Performing DNS Tests...
2007/02/09 12:52:40| Successful DNS name lookup tests...
2007/02/09 12:52:40| DNS Socket created at 0.0.0.0, port
32802, FD 5
2007/02/09 12:52:40| Adding nameserver 172.16.0.x from
/etc/resolv.conf
2007/02/09 12:52:40| Adding nameserver 172.16.0.x from
/etc/resolv.conf
2007/02/09 12:52:40| helperStatefulOpenServers: Starting 5
'wb_ntlmauth' processes
2007/02/09 12:52:40| helperOpenServers: Starting 5
'wbinfo_group.pl' processes
2007/02/09 12:52:40| User-Agent logging is disabled.
2007/02/09 12:52:40| Referer logging is disabled.
2007/02/09 12:52:40| Unlinkd pipe opened on FD 20
2007/02/09 12:52:40| Swap maxSize 46080000 KB, estimated
3544615 objects
2007/02/09 12:52:40| Target number of buckets: 177230
2007/02/09 12:52:40| Using 262144 Store buckets
2007/02/09 12:52:40| Max Mem size: 145408 KB
2007/02/09 12:52:40| Max Swap size: 46080000 KB
2007/02/09 12:52:40| Store logging disabled
2007/02/09 12:52:40| Rebuilding storage in /squid-cache
(DIRTY)
2007/02/09 12:52:40| Using Least Load store dir selection
2007/02/09 12:52:40| Set Current Directory to
/var/spool/squid
2007/02/09 12:52:40| Loaded Icons.
2007/02/09 12:52:40| Accepting HTTP connections at
172.16.xx.xx, port 3128, FD 21.
2007/02/09 12:52:40| Accepting ICP messages at 0.0.0.0,
port
3130, FD 22.
2007/02/09 12:52:40| Accepting SNMP messages on port 3401,
FD 23.
2007/02/09 12:52:40| WCCP Disabled.
2007/02/09 12:52:40| Ready to serve requests.
2007/02/09 12:52:40| WARNING: ntlmauthenticator #1 (FD 7)
exited
2007/02/09 12:52:40| WARNING: ntlmauthenticator #2 (FD 8)
exited
2007/02/09 12:52:40| WARNING: ntlmauthenticator #3 (FD 9)
exited
2007/02/09 12:52:40| Too few ntlmauthenticator processes
are
running
FATAL: The ntlmauthenticator helpers are crashing too
rapidly, need help!
И освен това при:
[root@server2 ~]# /usr/lib/squid/wb_ntlmauth
получавам следното:
wb_ntlmauth[12775](wb_ntlm_auth.c:414): Can't contact
winbindd. Dying
Когато в squid.conf коментирам директивите auth_param,
squida тръгва без проблем но без аутентикация, но както
споненах по-горе целта ми е потребителите да се
удостоверяват през проксито и то чрез ntlm WINBIND !
Рових се в google доста време, не можах да намеря нищо
което
да ми помогне да подкарам нещата :(
Някой от вас предполагам се сбласквал с подобен проблем и
ще
може да ми даде поне някаква насока към "успеха"!
Благодаря ви предварително ;)
|