Title: squid ntlm authentication for nt domain
Posted by: nenni on Feb 03, 2005, 12:41

Hello,
I have a problem with NTLM authentication of users from an NT domain. I think I have read quite a lot (and evidently there is quite a lot I haven't, since I couldn't get it working on my own); I am still missing something.

I have samba 3.0.10 installed:

    ./configure --with-winbind

smb.conf:

    [global]
    workgroup = mylan
    server string = Samba Server
    security = domain
    load printers = no
    log file = /usr/local/samba/var/log.%m
    max log size = 50
    password server = pdc
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
    encrypt passwords = yes
    wins server = 10.0.0.1
    dns proxy = no

## permissions:

    drwxr-x--- 2 root squid 4096 Jan 31 15:26 winbindd_privileged
    srwxrwxrwx 1 root squid 0 Jan 31 15:26 pipe

Proxy squid (squid-2.5.STABLE5-icap-6-pre3), compiled and configured with:

    ./configure --enable-auth="ntlm,basic" --enable-external-acl-helpers="wbinfo_group" --enable-icap-support

squid.conf:

    auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
    auth_param ntlm children 30
    auth_param ntlm max_challenge_reuses 0
    auth_param ntlm max_challenge_lifetime 2 minutes
    auth_param basic program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours
    acl Auth proxy_auth REQUIRED
    http_access allow all Auth

Error: after starting ./squid -N -d1 and IE 6 SP2, it crashes:

    FATAL: authenticateNTLMHandleReply: called with no result string

In the access.log:

    1107254685.852 3 10.3.67.89 TCP_DENIED/407 1698 GET http://web/ - NONE/- text/html
    1107254695.134 1 10.3.67.89 TCP_DENIED/407 1698 GET http://web/ - NONE/- text/html

In the cache.log:

    2005/02/01 15:31:44| helperStatefulOpenServers: Starting 30 'ntlm_auth' processes
    ntlm_auth: error opening config file /usr/local/samba/lib/smb.conf. Error was Invalid or incomplete multibyte or wide character
    ......
    2005/02/01 15:31:48| helperOpenServers: Starting 5 'ntlm_auth' processes
    ntlm_auth: error opening config file /usr/local/samba/lib/smb.conf. Error was Invalid or incomplete multibyte or wide character

### squid is running as squid user, squid group

./wbinfo -t, -u, -g, -a user%password are OK and successful.

    /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
    mylan\myuser mypasswd
    OK

There is also something else related to winbindd. I run ./winbindd -i (from samba) and after that:

    ./wbinfo -t:
    checking the trust secret via RPC calls succeeded

    ./wbinfo -g: (sometimes it works)
    Error looking up domain groups

and in the winbindd -i output appears:

    cli_pipe: return critical error. Error was Call timed out: server did not respond after 10000 milliseconds

Another thing is /usr/local/samba/lib/smb.conf:

    -rw------- 1 root staff 10272 Feb 2 17:50 smb.conf

Do I need to change the access permissions on the smb.conf file?

Because of the error in squid's cache.log, I also tested my smb.conf with:

    ./testparm -s
    Load smb config files from /usr/local/samba/lib/smb.conf
    Processing section "[homes]"
    Processing section "[printers]"
    Loaded services file OK.
    # Global parameters
    [global]
    workgroup = MYLAN
    server string = Netmon
    security = DOMAIN
    password server = MYPDC
    log file = /usr/local/samba/var/log.%m
    max log size = 50
    load printers = No
    dns proxy = No
    wins server = 10.3.67.222
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind use default domain = Yes
    hosts allow = 10.0.1., 10.0.2., 10.0.3., 10.0.4.

    [homes]
    comment = Home Directories
    read only = No
    browseable = No

    [printers]
    comment = All Printers
    path = /usr/spool/samba
    printable = Yes
    browseable = No

Does anyone have any suggestions? 10x
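The post asks whether the permissions on smb.conf need changing. As an added example (not part of the original post), the following evaluates the `ls -l` lines quoted in the post under the POSIX owner/group/other rule for the account Squid's helpers run as; that this account is named squid and belongs only to group squid is an assumption, and the function names are hypothetical.

```python
# Added example: evaluates `ls -l` lines with the POSIX owner/group/other rule.
# The three lines are copied from the post. The account "squid" with the single
# group "squid" is an assumption based on "squid user, squid group" in the post.

LISTING = """\
drwxr-x--- 2 root squid 4096 Jan 31 15:26 winbindd_privileged
srwxrwxrwx 1 root squid 0 Jan 31 15:26 pipe
-rw------- 1 root staff 10272 Feb 2 17:50 smb.conf
"""

def parse_ls_line(line):
    """Return (name, mode_string, owner, group) from one `ls -l` line."""
    fields = line.split()
    return fields[-1], fields[0], fields[2], fields[3]

def applicable_bits(mode, owner, group, user, groups):
    """Return the rwx triplet that applies to `user` (root bypass not modelled)."""
    # Exactly one class is consulted: owner, else group, else other.
    if user == owner:
        return mode[1:4]
    if group in groups:
        return mode[4:7]
    return mode[7:10]

def audit(listing, user, groups):
    """Map each file name in the listing to the triplet `user` gets."""
    result = {}
    for line in listing.splitlines():
        name, mode, owner, group = parse_ls_line(line)
        result[name] = applicable_bits(mode, owner, group, user, groups)
    return result

def helper_problems(listing, user, groups):
    """List what an ntlm_auth helper running as `user` could not do."""
    perms = audit(listing, user, groups)
    needs = (
        ("smb.conf", "r", "not readable"),               # helper reads its config
        ("winbindd_privileged", "x", "cannot be entered"),  # directory traversal
        ("pipe", "w", "not writable"),                   # connect to the socket
    )
    return [f"{name}: {why}" for name, bit, why in needs if bit not in perms[name]]

if __name__ == "__main__":
    print(helper_problems(LISTING, "squid", {"squid"}))
```

On a live system the same question can be checked directly by attempting to read the file as the squid account.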