On Tue, 2004-10-05 at 03:16, Michael Wray wrote: > Authenticating Server: 2003 with Active Directory Enabled > Squid Server: FreeBSD 5.1 > Samba: 3.0.7,1 > Other package info in package list at bottom. > > The DNS server is on the 2003 Server with the proper kerberos and ldap > entries in the DNS server. (Passes Active Directory DNS utility tests) > > Responses are sent in LM, NTLM, &NTLM2 when negotiated. > > Signing requirements are not configured. (Choices: Enable, or not > configured). > > Have read, and followed to best of my ability the squid FAQ and > winbind/nmb/samba man pages. Things that work: All of the command line > based tests work, as you will see when you look below. But when I try to > authenticate with a browser I get denied, and the following info in > cache.log and log.winbindd. If I modify the permissions on > /var/db/samba/winbindd_privileged, that breaks the wbinfo tests saying that > the permissions on that file are incorrect.
We have these permissions incorrect messages for a reason :-) The correct permissions are to allow *group* access to the privileged pipe, say to the squid group. chgrp squid /var/db/samba/winbindd_privileged chmod g+rx /var/db/samba/winbindd_privileged Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
