[Lug-bg] Squid+Winbind authentication problem !
- Subject: [Lug-bg] Squid+Winbind authentication problem !
- From: Bojidar Penchev <bpenchev@xxxxxxxxxx>
- Date: Tue, 13 Feb 2007 08:30:22 +0200
- Organization: University Of Rousse
Hello ;)
Server1:
Distro - CentOS release 4.4 (Final)
PDC - Samba Version 3.0.24
Server2:
Distro - Fedora Core release 4
Samba Version 3.0.23a-1.fc4.1 (security = domain)
squid-2.5.STABLE13-1.FC4 - --with-winbind-auth-challenge,
--enable-ntlm-auth-helpers=SMB winbind, etc.
My goal is for the users of the PDC domain to authenticate to the
proxy via ntlm winbind.
I joined Samba on server2 to the PDC, everything is OK, no problems
wbinfo -t
checking the trust secret via RPC calls succeeded
wbinfo -g;-u , also OK!
Here is a small excerpt from squid.conf
.....
#-----------Auth with NTLM --------------------------------
auth_param ntlm program /usr/lib/squid/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off
external_acl_type nt_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/wbinfo_group.pl
.....
.....
acl podai_parola proxy_auth REQUIRED
......
#end conf file
Of course, I also changed the permissions on /var/lib/samba/winbindd_privileged/ ,
as the HOWTO says
drwxr-x--- 2 root squid 4096 Sep 20 10:48 winbindd_privileged
I start squid manually
squid -d5
and I get the following result
2007/02/09 12:52:40| Starting Squid Cache version 2.5.STABLE13 for
i386-redhat-linux-gnu...
2007/02/09 12:52:40| Process ID 12761
2007/02/09 12:52:40| With 1024 file descriptors available
2007/02/09 12:52:40| Performing DNS Tests...
2007/02/09 12:52:40| Successful DNS name lookup tests...
2007/02/09 12:52:40| DNS Socket created at 0.0.0.0, port 32802, FD 5
2007/02/09 12:52:40| Adding nameserver 172.16.0.x from /etc/resolv.conf
2007/02/09 12:52:40| Adding nameserver 172.16.0.x from /etc/resolv.conf
2007/02/09 12:52:40| helperStatefulOpenServers: Starting 5 'wb_ntlmauth'
processes
2007/02/09 12:52:40| helperOpenServers: Starting 5 'wbinfo_group.pl'
processes
2007/02/09 12:52:40| User-Agent logging is disabled.
2007/02/09 12:52:40| Referer logging is disabled.
2007/02/09 12:52:40| Unlinkd pipe opened on FD 20
2007/02/09 12:52:40| Swap maxSize 46080000 KB, estimated 3544615 objects
2007/02/09 12:52:40| Target number of buckets: 177230
2007/02/09 12:52:40| Using 262144 Store buckets
2007/02/09 12:52:40| Max Mem size: 145408 KB
2007/02/09 12:52:40| Max Swap size: 46080000 KB
2007/02/09 12:52:40| Store logging disabled
2007/02/09 12:52:40| Rebuilding storage in /squid-cache (DIRTY)
2007/02/09 12:52:40| Using Least Load store dir selection
2007/02/09 12:52:40| Set Current Directory to /var/spool/squid
2007/02/09 12:52:40| Loaded Icons.
2007/02/09 12:52:40| Accepting HTTP connections at 172.16.xx.xx, port
3128, FD 21.
2007/02/09 12:52:40| Accepting ICP messages at 0.0.0.0, port 3130, FD 22.
2007/02/09 12:52:40| Accepting SNMP messages on port 3401, FD 23.
2007/02/09 12:52:40| WCCP Disabled.
2007/02/09 12:52:40| Ready to serve requests.
2007/02/09 12:52:40| WARNING: ntlmauthenticator #1 (FD 7) exited
2007/02/09 12:52:40| WARNING: ntlmauthenticator #2 (FD 8) exited
2007/02/09 12:52:40| WARNING: ntlmauthenticator #3 (FD 9) exited
2007/02/09 12:52:40| Too few ntlmauthenticator processes are running
FATAL: The ntlmauthenticator helpers are crashing too rapidly, need help!
And besides that, with:
[root@server2 ~]# /usr/lib/squid/wb_ntlmauth
I get the following:
wb_ntlmauth[12775](wb_ntlm_auth.c:414): Can't contact winbindd. Dying
When I comment out the auth_param directives in squid.conf, squid starts without
a problem but without authentication; however, as I mentioned above, my goal is
for the users to authenticate through the proxy, and to do so via ntlm WINBIND!
I dug around in Google for quite a while, but could not find anything to
help me get things working :(
I assume some of you have run into a similar problem and will be able to
give me at least some pointer toward "success"!
Thank you in advance ;)