yeap! no success just yet :(

Victor Medina

Phyllis Diller - "If it weren't for baseball, many kids wouldn't know what a millionaire looked like."

On Tue, Mar 31, 2009 at 6:17 PM, Stefan Dengscherz <stefan.dengsch...@gmail.com> wrote:
> Hello Victor,
>
> Did you try supplying the domain name along with the username? Like
> "DOMAIN\administrator". Or adding "winbind use default domain = yes"
> to your samba configuration.
>
> Regards,
>
> -sd
>
> 2009/3/31 Victor Medina <vitt...@gmail.com>:
>> David, it did not work.
>>
>> Any suggestion?
>>
>> Victor Medina
>>
>> Samuel Goldwyn - "I don't think anyone should write their
>> autobiography until after they're dead."
>>
>> On Wed, Apr 1, 2009 at 12:13 PM, David Wells <d.we...@vitalcan.com.ar> wrote:
>>> Victor Medina wrote:
>>>>
>>>> Hi Guys!
>>>>
>>>> Probably this is not the best place to ask, I'll try anyway... =)
>>>>
>>>> I've been trying to configure a Samba PDC and a Squid Proxy server
>>>> with NTLM auth on the same machine but NTLM_AUTH keeps complaining
>>>> about: NT_STATUS_INVALID_HANDLE.... I have other machines running
>>>> Squid and authenticating against a Samba server but on different
>>>> machines, this is the first time I try both on the same machine.
>>>>
>>>> Can I use Squid+NTLM Auth and Samba configured as PDC on the same
>>>> machine? Is there any winbind issue with this kind of configuration?
>>>>
>>>> I'm using SLES10+SP2
>>>> Samba version as reported by rpm is 3.0.32-0.8
>>>> Squid version as reported by rpm is 2.5.STABLE12-18.13
>>>>
>>>> -------------------------------------------------
>>>> This is my smb.conf
>>>>
>>>> [global]
>>>> dos charset = 850
>>>> unix charset = ISO8859-1
>>>> workgroup = C1.SV
>>>> netbios name = PDCSRVC1SV
>>>> server string =
>>>> interfaces = eth0
>>>> bind interfaces only = Yes
>>>> map to guest = Bad Password
>>>> passdb backend = ldapsam:ldap://127.0.0.1
>>>> guest account = Invitado
>>>> time server = Yes
>>>> deadtime = 20
>>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>> printcap name = cups
>>>> logon path =
>>>> logon home =
>>>> domain logons = Yes
>>>> os level = 65
>>>> preferred master = Yes
>>>> domain master = Yes
>>>> wins support = Yes
>>>> ldap admin dn = cn=Administrador,o=Ferreteria EPA
>>>> ldap delete dn = Yes
>>>> ldap group suffix = ou=group
>>>> ldap machine suffix = ou=people
>>>> ldap passwd sync = Yes
>>>> ldap suffix = ou=c1,c=sv,o=Ferreteria EPA
>>>> ldap user suffix = ou=people
>>>> idmap domains = DEFAULT
>>>> idmap alloc backend = ldap
>>>> idmap alloc config:range = 10000-100000
>>>> idmap alloc config:ldap_url = ldap://127.0.0.1
>>>> idmap alloc config:ldap_user_dn = cn=Administrador,o=Ferreteria EPA
>>>> idmap alloc config:ldap_base_dn = ou=idmap,ou=c1,c=sv,o=Ferreteria EPA
>>>> idmap config DEFAULT:range = 10000-100000
>>>> idmap config DEFAULT:ldap_url = ldap://127.0.0.1
>>>> idmap config DEFAULT:ldap_user_dn = cn=Administrador,o=Ferreteria EPA
>>>> idmap config DEFAULT:ldap_base_dn = ou=idmap,ou=c1,c=sv,o=Ferreteria EPA
>>>> idmap config DEFAULT:default = yes
>>>> idmap config DEFAULT:readonly = no
>>>> idmap config DEFAULT:backend = ldap
>>>> ldapsam:editposix = yes
>>>> ldapsam:trusted = yes
>>>> create mask = 0640
>>>> force create mode = 0640
>>>> directory mask = 0750
>>>> force directory mode = 0750
>>>> case sensitive = No
>>>> dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
>>>>
>>>> My relevant squid.conf lines...
>>>>
>>>> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp C1.SV/PDCSRVC1SV
>>>> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic C1.SV/PDCSRVC1SV
>>>> auth_param ntlm children 100
>>>> auth_param basic children 100
>>>> auth_param basic realm Squid proxy-caching web server
>>>> auth_param basic credentialsttl 2 hours
>>>>
>>>> The PDC works as expected, machine join works like a charm, users and
>>>> groups management works equally right, all accounts are placed in the
>>>> LDAP, getent passwd, groups and shadow shows the ldap accounts
>>>>
>>>> I also did a few tests with wbinfo
>>>>
>>>> e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo -u
>>>> invitado
>>>> usuarioprueba
>>>> e01ggen
>>>> e01glogis
>>>> e01gcont
>>>> e01jcomp1
>>>> e01jcomp2
>>>> e01jcomp3
>>>> e01jcomp4
>>>> e01jrepo
>>>> e01jreclu
>>>> e01rrece
>>>> e01gcom
>>>> e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo -g
>>>> BUILTIN
>>>> BUILTIN
>>>> domain users
>>>> domain admins
>>>> domain guests
>>>> grupoprueba
>>>> gcentralsv
>>>> gcompras
>>>> gcontrol
>>>> ggerencia
>>>> glogistica
>>>> gmercadeo
>>>> gpersonal
>>>> gventas
>>>> gjefecompras
>>>> gjefecontrol
>>>> gjefelogistica
>>>> gjefepersonal
>>>> e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo --all-domains
>>>> C1.SV
>>>>
>>>> I also made sure squid users can read /var/lib/samba/winbindd_privileged
>>>>
>>>> I also noted this error:
>>>>
>>>> e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo --authenticate=administrator%12345678
>>>> plaintext password authentication failed
>>>> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
>>>> error messsage was: No such user
>>>> Could not authenticate user administrator%12345678 with plaintext password
>>>> winbind separator was NULL!
>>>> challenge/response password authentication failed
>>>> error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
>>>> error messsage was: Invalid handle
>>>> Could not authenticate user administrator with challenge/response
>>>>
>>>> Does someone have any idea of what could go wrong? When I use squid and
>>>> samba on different machines I usually join the squid machine to the
>>>> domain using a net join, is this necessary when the PDC and squid are
>>>> on the same machine?
>>>>
>>>> Victor Medina
>>>>
>>>> Samuel Goldwyn - "I don't think anyone should write their
>>>> autobiography until after they're dead."
>>>>
>>>
>>> I think you should add lo to the interfaces listed in smb.conf
>>>
>>> Best regards, David Wells.
>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
> --
> The box said Windows Vista or better. So I bought a Mac.
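
The two settings raised in the replies (a loopback entry in `interfaces` when `bind interfaces only` is on, and `winbind use default domain`) can be checked against an smb.conf mechanically. The script below is an added example, not code from the thread; the excerpt is taken from the posted configuration and the function names are illustrative.

```python
import re

# Excerpt of the [global] section posted in the thread (only the lines the checks read).
POSTED_SMB_CONF = """\
[global]
workgroup = C1.SV
interfaces = eth0
bind interfaces only = Yes
"""

TRUE_VALUES = {"yes", "true", "1", "on"}
# Loopback by interface name (lo, lo0, lo*) or by address (127.0.0.1, 127.0.0.1/8).
LOOPBACK = re.compile(r"^(lo\d*|lo\*|127\.\d+\.\d+\.\d+(/\S+)?|127\.\*)$", re.I)


def parse_global(text):
    """Return [global] parameters; names are lowercased, whitespace runs collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params


def review(params):
    """Check the two settings suggested in the replies; return a list of findings."""
    findings = []
    bind_only = params.get("bind interfaces only", "no").lower() in TRUE_VALUES
    ifaces = params.get("interfaces", "").replace(",", " ").split()
    if bind_only and not any(LOOPBACK.match(i) for i in ifaces):
        findings.append("bind interfaces only is on and interfaces has no loopback "
                        "entry (lo / 127.0.0.1): smbd will not listen on 127.0.0.1")
    if params.get("winbind use default domain", "no").lower() not in TRUE_VALUES:
        domain = params.get("workgroup", "DOMAIN")
        findings.append("winbind use default domain is off: pass the user as "
                        f"{domain}\\administrator when testing with wbinfo")
    return findings


if __name__ == "__main__":
    for finding in review(parse_global(POSTED_SMB_CONF)):
        print("-", finding)
```
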