Титла: Squid+winbind
Публикувано от: ALF в Feb 12, 2007, 14:03
Здравейте 
Server1:
Дистро - CentOS release 4.4 (Final)
PDC - Samba Version 3.0.24
Server2:
Дистро - Fedora Core release 4
Samba Version 3.0.23a-1.fc4.1 (security = domain)
squid-2.5.STABLE13-1.FC4 - --with-winbind-auth-challenge, --enable-ntlm-auth-helpers=SMB winbind, и т.н
Целта ми е да потребителите на домейна PDC да се аутентикират към проксито посредством ntlm winbind.
Join-ах самбата на сервер2 към PDC-то, всичко ок без проблем
wbinfo -t
checking the trust secret via RPC calls succeeded
wbinfo -g;-u , също ОК!
Ето и малка извадка от squid.conf
.....
#-----------Auth with NTLM --------------------------------
auth_param ntlm program /usr/lib/squid/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off
external_acl_type nt_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/wbinfo_group.pl
.....
.....
acl podai_parola proxy_auth REQUIRED
......
#end conf file
Разбира се промених и правата на /var/lib/samba/winbindd_privileged/ , както пише в HOWTO-то
drwxr-x--- 2 root squid 4096 Sep 20 10:48 winbindd_privileged
Пускам squid-a ръчно
squid -d5
и получавам следния резултат
2007/02/09 12:52:40| Starting Squid Cache version 2.5.STABLE13 for i386-redhat-linux-gnu...
2007/02/09 12:52:40| Process ID 12761
2007/02/09 12:52:40| With 1024 file descriptors available
2007/02/09 12:52:40| Performing DNS Tests...
2007/02/09 12:52:40| Successful DNS name lookup tests...
2007/02/09 12:52:40| DNS Socket created at 0.0.0.0, port 32802, FD 5
2007/02/09 12:52:40| Adding nameserver 172.16.0.x from /etc/resolv.conf
2007/02/09 12:52:40| Adding nameserver 172.16.0.x from /etc/resolv.conf
2007/02/09 12:52:40| helperStatefulOpenServers: Starting 5 'wb_ntlmauth' processes
2007/02/09 12:52:40| helperOpenServers: Starting 5 'wbinfo_group.pl' processes
2007/02/09 12:52:40| User-Agent logging is disabled.
2007/02/09 12:52:40| Referer logging is disabled.
2007/02/09 12:52:40| Unlinkd pipe opened on FD 20
2007/02/09 12:52:40| Swap maxSize 46080000 KB, estimated 3544615 objects
2007/02/09 12:52:40| Target number of buckets: 177230
2007/02/09 12:52:40| Using 262144 Store buckets
2007/02/09 12:52:40| Max Mem size: 145408 KB
2007/02/09 12:52:40| Max Swap size: 46080000 KB
2007/02/09 12:52:40| Store logging disabled
2007/02/09 12:52:40| Rebuilding storage in /squid-cache (DIRTY)
2007/02/09 12:52:40| Using Least Load store dir selection
2007/02/09 12:52:40| Set Current Directory to /var/spool/squid
2007/02/09 12:52:40| Loaded Icons.
2007/02/09 12:52:40| Accepting HTTP connections at 172.16.xx.xx, port 3128, FD 21.
2007/02/09 12:52:40| Accepting ICP messages at 0.0.0.0, port 3130, FD 22.
2007/02/09 12:52:40| Accepting SNMP messages on port 3401, FD 23.
2007/02/09 12:52:40| WCCP Disabled.
2007/02/09 12:52:40| Ready to serve requests.
2007/02/09 12:52:40| WARNING: ntlmauthenticator #1 (FD 7) exited
2007/02/09 12:52:40| WARNING: ntlmauthenticator #2 (FD 8) exited
2007/02/09 12:52:40| WARNING: ntlmauthenticator #3 (FD 9) exited
2007/02/09 12:52:40| Too few ntlmauthenticator processes are running
FATAL: The ntlmauthenticator helpers are crashing too rapidly, need help!
И освен това при:
[root@server2 ~]# /usr/lib/squid/wb_ntlmauth
получавам следното:
wb_ntlmauth[12775](wb_ntlm_auth.c:414): Can't contact winbindd. Dying
Когато в squid.conf коментирам директивите auth_param, squida тръгва без проблем но без аутентикация, но както споненах по-горе целта ми е потребителите да се удостоверяват през проксито и то чрез ntlm WINBIND !
Рових се в google доста време, не можах да намеря нищо което да ми помогне да подкарам нещата
Някой от вас предполагам се сбласквал с подобен проблем и ще може да ми даде поне някаква насока към "успеха"!
Благодаря ви предварително
Server1:
Дистро - CentOS release 4.4 (Final)
PDC - Samba Version 3.0.24
Server2:
Дистро - Fedora Core release 4
Samba Version 3.0.23a-1.fc4.1 (security = domain)
squid-2.5.STABLE13-1.FC4 - --with-winbind-auth-challenge, --enable-ntlm-auth-helpers=SMB winbind, и т.н
Целта ми е да потребителите на домейна PDC да се аутентикират към проксито посредством ntlm winbind.
Join-ах самбата на сервер2 към PDC-то, всичко ок без проблем
wbinfo -t
checking the trust secret via RPC calls succeeded
wbinfo -g;-u , също ОК!
Ето и малка извадка от squid.conf
.....
#-----------Auth with NTLM --------------------------------
auth_param ntlm program /usr/lib/squid/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off
external_acl_type nt_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/wbinfo_group.pl
.....
.....
acl podai_parola proxy_auth REQUIRED
......
#end conf file
Разбира се промених и правата на /var/lib/samba/winbindd_privileged/ , както пише в HOWTO-то
drwxr-x--- 2 root squid 4096 Sep 20 10:48 winbindd_privileged
Пускам squid-a ръчно
squid -d5
и получавам следния резултат
2007/02/09 12:52:40| Starting Squid Cache version 2.5.STABLE13 for i386-redhat-linux-gnu...
2007/02/09 12:52:40| Process ID 12761
2007/02/09 12:52:40| With 1024 file descriptors available
2007/02/09 12:52:40| Performing DNS Tests...
2007/02/09 12:52:40| Successful DNS name lookup tests...
2007/02/09 12:52:40| DNS Socket created at 0.0.0.0, port 32802, FD 5
2007/02/09 12:52:40| Adding nameserver 172.16.0.x from /etc/resolv.conf
2007/02/09 12:52:40| Adding nameserver 172.16.0.x from /etc/resolv.conf
2007/02/09 12:52:40| helperStatefulOpenServers: Starting 5 'wb_ntlmauth' processes
2007/02/09 12:52:40| helperOpenServers: Starting 5 'wbinfo_group.pl' processes
2007/02/09 12:52:40| User-Agent logging is disabled.
2007/02/09 12:52:40| Referer logging is disabled.
2007/02/09 12:52:40| Unlinkd pipe opened on FD 20
2007/02/09 12:52:40| Swap maxSize 46080000 KB, estimated 3544615 objects
2007/02/09 12:52:40| Target number of buckets: 177230
2007/02/09 12:52:40| Using 262144 Store buckets
2007/02/09 12:52:40| Max Mem size: 145408 KB
2007/02/09 12:52:40| Max Swap size: 46080000 KB
2007/02/09 12:52:40| Store logging disabled
2007/02/09 12:52:40| Rebuilding storage in /squid-cache (DIRTY)
2007/02/09 12:52:40| Using Least Load store dir selection
2007/02/09 12:52:40| Set Current Directory to /var/spool/squid
2007/02/09 12:52:40| Loaded Icons.
2007/02/09 12:52:40| Accepting HTTP connections at 172.16.xx.xx, port 3128, FD 21.
2007/02/09 12:52:40| Accepting ICP messages at 0.0.0.0, port 3130, FD 22.
2007/02/09 12:52:40| Accepting SNMP messages on port 3401, FD 23.
2007/02/09 12:52:40| WCCP Disabled.
2007/02/09 12:52:40| Ready to serve requests.
2007/02/09 12:52:40| WARNING: ntlmauthenticator #1 (FD 7) exited
2007/02/09 12:52:40| WARNING: ntlmauthenticator #2 (FD 8) exited
2007/02/09 12:52:40| WARNING: ntlmauthenticator #3 (FD 9) exited
2007/02/09 12:52:40| Too few ntlmauthenticator processes are running
FATAL: The ntlmauthenticator helpers are crashing too rapidly, need help!
И освен това при:
[root@server2 ~]# /usr/lib/squid/wb_ntlmauth
получавам следното:
wb_ntlmauth[12775](wb_ntlm_auth.c:414): Can't contact winbindd. Dying
Когато в squid.conf коментирам директивите auth_param, squida тръгва без проблем но без аутентикация, но както споненах по-горе целта ми е потребителите да се удостоверяват през проксито и то чрез ntlm WINBIND !
Рових се в google доста време, не можах да намеря нищо което да ми помогне да подкарам нещата
Някой от вас предполагам се сбласквал с подобен проблем и ще може да ми даде поне някаква насока към "успеха"!
Благодаря ви предварително