Re: [Samba] Cisco ISE unable to retrieve AD group list from samba 4 server

2013-10-02 Thread Andreas Oster
On 02.10.2013 21:53, Jeremy Allison wrote:
> On Wed, Oct 02, 2013 at 11:38:21AM +0200, Andreas Oster wrote:
>> Hi all,
>>
>> I have run into a problem with our samba4 setup. I have successfully
>> joined a Cisco ISE v1.1.4 (Identity Service Engine) test machine to the
>> samba4 AD. User authentication does work but unfortunately the ISE is
>> unable to fetch the AD groups from the domain controller. In the samba
>> logs I get the following error message when initiating the group fetch:
>>
>> [2013/10/02 10:21:37.605554,  0]
>> ../source4/cldap_server/cldap_server.c:54(cldapd_request_handler)
>>   Invalid CLDAP request type 16 from ipv4:10.250.12.218:51136
> 
> LDAP request type 16 == LDAP_TAG_AbandonRequest
> which we don't handle in the cldap request handler.
> 
> That's why you're getting the error.
> 
> Jeremy.
> 
Hello Jeremy,

Thank you very much for your fast response. Any chance that this
request type will be added?

Thanks

Andreas

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba Crashing

2013-10-02 Thread Jeremy Allison
On Wed, Oct 02, 2013 at 06:20:34AM -0600, Wayne Andersen wrote:
> I have Samba 4.0.9 installed on three Centos servers.
> 
> On my primary DC I am getting faults and core dumps.
> 
> Oct  2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.083800,  0]
> ../lib/util/fault.c:72(fault_report)
> Oct  2 06:10:37 dc1 smbd[1195]:
> ===
> Oct  2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.084493,  0]
> ../lib/util/fault.c:73(fault_report)
> Oct  2 06:10:37 dc1 smbd[1195]:   INTERNAL ERROR: Signal 11 in pid
> 1195 (4.0.9)
> Oct  2 06:10:37 dc1 smbd[1195]:   Please read the Trouble-Shooting
> section of the Samba HOWTO
> Oct  2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.084928,  0]
> ../lib/util/fault.c:75(fault_report)
> Oct  2 06:10:37 dc1 smbd[1195]:
> ===
> Oct  2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.085268,  0]
> ../source3/lib/util.c:810(smb_panic_s3)
> Oct  2 06:10:37 dc1 smbd[1195]:   PANIC (pid 1195): internal error
> Oct  2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.087348,  0]
> ../source3/lib/util.c:921(log_stack_trace)
> Oct  2 06:10:37 dc1 smbd[1195]:   BACKTRACE: 32 stack frames:
> Oct  2 06:10:37 dc1 smbd[1195]:#0
> /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x2b)
> [0xdd2bc5]
> Oct  2 06:10:37 dc1 smbd[1195]:#1
> /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x7f) [0xdd2a23]
> Oct  2 06:10:37 dc1 smbd[1195]:#2
> /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x2a) [0xb2c76c]
> Oct  2 06:10:37 dc1 smbd[1195]:#3
> /usr/local/samba/lib/libsamba-util.so.0(+0x1745f) [0xb2c45f]
> Oct  2 06:10:37 dc1 smbd[1195]:#4
> /usr/local/samba/lib/libsamba-util.so.0(+0x17470) [0xb2c470]
> Oct  2 06:10:37 dc1 smbd[1195]:#5 [0x521400]
> Oct  2 06:10:37 dc1 smbd[1195]:#6
> /usr/local/samba/lib/private/libdfs_server_ad.so(+0x1d10) [0x3efd10]
> Oct  2 06:10:37 dc1 smbd[1195]:#7
> /usr/local/samba/lib/private/libdfs_server_ad.so(+0x2780) [0x3f0780]
> Oct  2 06:10:37 dc1 smbd[1195]:#8 
> /usr/local/samba/lib/private/libdfs_server_ad.so(dfs_server_ad_get_referrals+0x38d)
> [0x3f1409]
> Oct  2 06:10:37 dc1 smbd[1195]:#9
> /usr/local/samba/lib/private/libsmbd_base.so(+0x1a1e75) [0x8cfe75]
> Oct  2 06:10:37 dc1 smbd[1195]:#10 
> /usr/local/samba/lib/private/libsmbd_base.so(smb_vfs_call_get_dfs_referrals+0x3d)
> [0x83a1f9]
> Oct  2 06:10:37 dc1 smbd[1195]:#11
> /usr/local/samba/lib/private/libsmbd_base.so(setup_dfs_referral+0xea)
> [0x8625ca]
> Oct  2 06:10:37 dc1 smbd[1195]:#12
> /usr/local/samba/lib/private/libsmbd_base.so(+0xed942) [0x81b942]
> Oct  2 06:10:37 dc1 smbd[1195]:#13
> /usr/local/samba/lib/private/libsmbd_base.so(+0xee3d1) [0x81c3d1]
> Oct  2 06:10:37 dc1 smbd[1195]:#14
> /usr/local/samba/lib/private/libsmbd_base.so(reply_trans2+0x8eb)
> [0x81cda0]
> Oct  2 06:10:37 dc1 smbd[1195]:#15
> /usr/local/samba/lib/private/libsmbd_base.so(+0x120055) [0x84e055]
> Oct  2 06:10:37 dc1 smbd[1195]:#16
> /usr/local/samba/lib/private/libsmbd_base.so(+0x1201e5) [0x84e1e5]
> Oct  2 06:10:37 dc1 smbd[1195]:#17
> /usr/local/samba/lib/private/libsmbd_base.so(+0x120c89) [0x84ec89]
> Oct  2 06:10:37 dc1 smbd[1195]:#18
> /usr/local/samba/lib/private/libsmbd_base.so(+0x121b99) [0x84fb99]
> Oct  2 06:10:37 dc1 smbd[1195]:#19
> /usr/local/samba/lib/private/libsmbd_base.so(+0x121c0f) [0x84fc0f]
> Oct  2 06:10:37 dc1 smbd[1195]:#20
> /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x481)
> [0xdedef0]
> Oct  2 06:10:37 dc1 smbd[1195]:#21
> /usr/local/samba/lib/libsmbconf.so.0(+0x371bb) [0xdee1bb]
> Oct  2 06:10:37 dc1 smbd[1195]:#22
> /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf3)
> [0x3530c3]
> Oct  2 06:10:37 dc1 smbd[1195]:#23
> /usr/local/samba/lib/private/libsmbd_base.so(smbd_process+0x120c)
> [0x852f84]
> Oct  2 06:10:37 dc1 smbd[1195]:#24
> /usr/local/samba/sbin/smbd(+0x8515) [0x496515]
> Oct  2 06:10:37 dc1 smbd[1195]:#25
> /usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x481)
> [0xdedef0]
> Oct  2 06:10:37 dc1 smbd[1195]:#26
> /usr/local/samba/lib/libsmbconf.so.0(+0x371bb) [0xdee1bb]
> Oct  2 06:10:37 dc1 smbd[1195]:#27
> /usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf3)
> [0x3530c3]
> Oct  2 06:10:37 dc1 smbd[1195]:#28
> /usr/local/samba/sbin/smbd(+0x90dc) [0x4970dc]
> Oct  2 06:10:37 dc1 smbd[1195]:#29
> /usr/local/samba/sbin/smbd(main+0x1723) [0x498964]
> Oct  2 06:10:37 dc1 smbd[1195]:#30
> /lib/libc.so.6(__libc_start_main+0xe6) [0xb7130ce6]
> Oct  2 06:10:37 dc1 smbd[1195]:#31
> /usr/local/samba/sbin/smbd(+0x3eb1) [0x491eb1]
> Oct  2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.092166,  0]
> ../source3/lib/dumpcore.c:317(dump_core)
> Oct  2 06:10:37 dc1 smbd[1195]:   dumping core in
> /usr/local/samba/var/cores/smbd
> 
> These just started today.
> For the most part things seem to be working except for the

Re: [Samba] Cisco ISE unable to retrieve AD group list from samba 4 server

2013-10-02 Thread Jeremy Allison
On Wed, Oct 02, 2013 at 11:38:21AM +0200, Andreas Oster wrote:
> Hi all,
> 
> I have run into a problem with our samba4 setup. I have successfully
> joined a Cisco ISE v1.1.4 (Identity Service Engine) test machine to the
> samba4 AD. User authentication does work but unfortunately the ISE is
> unable to fetch the AD groups from the domain controller. In the samba
> logs I get the following error message when initiating the group fetch:
> 
> [2013/10/02 10:21:37.605554,  0]
> ../source4/cldap_server/cldap_server.c:54(cldapd_request_handler)
>   Invalid CLDAP request type 16 from ipv4:10.250.12.218:51136

LDAP request type 16 == LDAP_TAG_AbandonRequest
which we don't handle in the cldap request handler.

That's why you're getting the error.

Jeremy.
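
The mapping in the reply above (request type 16 is AbandonRequest), as an added example that is not part of the original message and not Samba code: a small BER reader that names the protocolOp of a CLDAP datagram and decodes the numeric type in the log line. The function names and the two sample datagrams are constructed for this example; the tag numbers are those of RFC 4511.

```python
import re

# LDAP protocolOp [APPLICATION n] tag numbers from RFC 4511.
LDAP_OPS = {
    0: "BindRequest", 1: "BindResponse", 2: "UnbindRequest",
    3: "SearchRequest", 4: "SearchResultEntry", 5: "SearchResultDone",
    6: "ModifyRequest", 7: "ModifyResponse", 8: "AddRequest",
    9: "AddResponse", 10: "DelRequest", 11: "DelResponse",
    12: "ModifyDNRequest", 13: "ModifyDNResponse", 14: "CompareRequest",
    15: "CompareResponse", 16: "AbandonRequest", 19: "SearchResultReference",
    23: "ExtendedRequest", 24: "ExtendedResponse", 25: "IntermediateResponse",
}

LOG_RE = re.compile(r"Invalid CLDAP request type (\d+) from (ipv[46]):(.+):(\d+)\s*$")


def read_tlv(buf, off):
    """Decode one BER TLV; return (class, constructed, tag, value, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    ident = buf[off]
    cls, constructed, tag = ident >> 6, bool(ident & 0x20), ident & 0x1F
    if tag == 0x1F:
        raise ValueError("high-tag-number form is not used by LDAP")
    first = buf[off + 1]
    off += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("value runs past end of datagram")
    return cls, constructed, tag, buf[off:off + length], off + length


def classify_ldap_message(datagram):
    """Return message ID and protocolOp of one LDAPMessage (envelope only)."""
    cls, constructed, tag, body, _ = read_tlv(datagram, 0)
    if (cls, constructed, tag) != (0, True, 16):
        raise ValueError("not a BER SEQUENCE")
    cls, constructed, tag, mid, off = read_tlv(body, 0)
    if (cls, constructed, tag) != (0, False, 2) or not mid:
        raise ValueError("messageID INTEGER missing")
    cls, constructed, tag, op_value, _ = read_tlv(body, off)
    if cls != 1:
        raise ValueError("protocolOp is not an APPLICATION tag")
    info = {
        "message_id": int.from_bytes(mid, "big", signed=True),
        "op_tag": tag,
        "op_name": LDAP_OPS.get(tag, "unknown"),
    }
    if tag == 16 and not constructed:
        # AbandonRequest ::= [APPLICATION 16] MessageID (a primitive INTEGER)
        info["abandons"] = int.from_bytes(op_value, "big", signed=True)
    return info


def explain_log_line(line):
    """Map the numeric type in the Samba log line to an LDAP operation name."""
    m = LOG_RE.search(line)
    if not m:
        return None
    tag = int(m.group(1))
    return {"op_tag": tag, "op_name": LDAP_OPS.get(tag, "unknown"),
            "family": m.group(2), "address": m.group(3), "port": int(m.group(4))}


# Log line quoted in the thread.
SAMPLE_LOG = "  Invalid CLDAP request type 16 from ipv4:10.250.12.218:51136"
# Constructed datagrams: an AbandonRequest for message 1, and a minimal
# SearchRequest (base "", scope base, filter (objectClass=*)).
SAMPLE_ABANDON = bytes.fromhex("3006020102500101")
SAMPLE_SEARCH = bytes.fromhex(
    "3025020101632004000a01000a010002010002010001010087"
    "0b6f626a656374436c6173733000")

if __name__ == "__main__":
    print(explain_log_line(SAMPLE_LOG))
    print(classify_ldap_message(SAMPLE_ABANDON))
    print(classify_ldap_message(SAMPLE_SEARCH))
```

Run against the UDP payloads of a packet capture, this shows which datagrams from the client are searches and which are the abandon requests that trigger the log entry.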


Re: [Samba] Cisco ISE unable to retrieve AD group list from samba 4 server

2013-10-02 Thread Jeremy Allison
On Wed, Oct 02, 2013 at 11:38:21AM +0200, Andreas Oster wrote:
> Hi all,
> 
> I have run into a problem with our samba4 setup. I have successfully
> joined a Cisco ISE v1.1.4 (Identity Service Engine) test machine to the
> samba4 AD. User authentication does work but unfortunately the ISE is
> unable to fetch the AD groups from the domain controller. In the samba
> logs I get the following error message when initiating the group fetch:
> 
> [2013/10/02 10:21:37.605554,  0]
> ../source4/cldap_server/cldap_server.c:54(cldapd_request_handler)
>   Invalid CLDAP request type 16 from ipv4:10.250.12.218:51136

Can you log a bug and attach to it a wireshark trace of this operation failing ?

That will help track this down and fix it.

Cheers,

Jeremy.


[Samba] SAMBA RESOURCE

2013-10-02 Thread Diego Fernando Donoso Gallo
Hi everybody:

I have a problem with samba 4.0.9

Why when I put "browseable = no" in a shared resource, it still appears
from a windows client?

Thanks

Diego Donoso


Re: [Samba] SAMBA + open LDAP + password hashing

2013-10-02 Thread Andrew Bartlett
On Wed, 2013-10-02 at 11:46 +0200, Alberto Aldrigo | Ca' Tron RE wrote:
> Hi everybody,
> 
> I'm running an Ubuntu server as fileserver for Osx clients using 
> netatalk and now I need to add support to samba for windows clients.
> 
> Every user has an account on  open LDAP user base and every account has 
> a password stored using SSHA hashing.
> I would like to know if I can use the same user base with samba and how 
> to configure it to use ssha instead of NT/LM or if there is an alternative.

No, there is no alternative (other than Kerberos).  The encryption types
are incompatible. 

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] Samba4 consumes more CPU

2013-10-02 Thread Thiago Fernandes Crepaldi
Googling around copy_user_generic_unrolled() - a kernel space function -
seen in my previous smbd profiling, I found what might be a clue for the
performance drop. It is a comment on line #31 (see below) that says:

31 /*
32 * If CPU has ERMS feature, use copy_user_enhanced_fast_string.
33 * Otherwise, if CPU has rep_good feature, use copy_user_generic_string.
34 * Otherwise, use copy_user_generic_unrolled.
35 */

Which makes me guess that my Atom D2701 (
http://ark.intel.com/products/59683/Intel-Atom-Processor-D2700-1M-Cache-2_13-GHz)
is not compiled with REP_GOOD nor ERMS. It is not clear to me if the
processor does support those features, but apparently it does (looking at
/proc/cpuinfo from another user's NAS -
http://www.foxnetwork.ru/index.php/en/component/content/article/121-thecus-n4800eco.html
)

__

linux/arch/x86/include/asm/uaccess_64.h

1 #ifndef _ASM_X86_UACCESS_64_H
2 #define _ASM_X86_UACCESS_64_H
3
4 /*
5 * User space memory access functions
6 */
7 #include 
8 #include 
9 #include 
10 #include 
11 #include 
12 #include 
13
14 /*
15 * Copy To/From Userspace
16 */
17
18 /* Handles exceptions in both to and from, but doesn't do access_ok */
19 __must_check unsigned long
20 copy_user_enhanced_fast_string(void *to, const void *from, unsigned len);
21 __must_check unsigned long
22 copy_user_generic_string(void *to, const void *from, unsigned len);
23 __must_check unsigned long
24 copy_user_generic_unrolled(void *to, const void *from, unsigned len);
25
26 static __always_inline __must_check unsigned long
27 copy_user_generic(void *to, const void *from, unsigned len)
28 {
29 unsigned ret;
30
31 /*
32 * If CPU has ERMS feature, use copy_user_enhanced_fast_string.
33 * Otherwise, if CPU has rep_good feature, use copy_user_generic_string.
34 * Otherwise, use copy_user_generic_unrolled.
35 */
36 alternative_call_2(copy_user_generic_unrolled,
37 copy_user_generic_string,
38 X86_FEATURE_REP_GOOD,
39 copy_user_enhanced_fast_string,
40 X86_FEATURE_ERMS,
41 ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from),
42 "=d" (len)),
43 "1" (to), "2" (from), "3" (len)
44 : "memory", "rcx", "r8", "r9", "r10", "r11");
45 return ret;
46 }


On Tue, Oct 1, 2013 at 6:04 PM, Thiago Fernandes Crepaldi  wrote:

> That is funny. Now that I replaced samba 4 and libc-2.13.so with debug
> symbols, the perf profile seems to have changed a bit after the same
> tests!
>
> Events: 54K cycles
> -   3.06%  smbd  [kernel.kallsyms] [k] copy_user_generic_unrolled
>- copy_user_generic_unrolled
> 52.63% __read_nocancel
> 36.20% __write_nocancel
> 2.70% __getdents64
> 2.44% __libc_readv
>   + 2.00% do_fcntl
> 0.87% __GI___libc_read
>   + 0.77% __fxstat64
> -   2.02%  smbd  libc-2.13.so  [.] _int_malloc
>+ _int_malloc
> -   1.62%  smbd  [kernel.kallsyms] [k] kmem_cache_alloc
>+ kmem_cache_alloc
> -   1.22%  smbd  libtalloc.so.2.0.7[.] _talloc_free
>+ _talloc_free
> -   0.99%  smbd  libtalloc.so.2.0.7[.]
> _talloc_free_children_internal.isra.4
>+ _talloc_free_children_internal.isra.4
> -   0.86%  smbd  libc-2.13.so  [.] __memcpy_ssse3
>+ __memcpy_ssse3
> +   0.81%  smbd  [kernel.kallsyms] [k] kmem_cache_free
> +   0.81%  smbd  libc-2.13.so  [.] _int_free
> +   0.79%  smbd  [kernel.kallsyms] [k] __kmalloc
> +   0.66%  smbd  libtalloc.so.2.0.7[.] _talloc_zero
> +   0.63%  smbd  [kernel.kallsyms] [k] link_path_walk
> +   0.63%  smbd  [kernel.kallsyms] [k] ext4_htree_store_dirent
> +   0.55%  smbd  libtalloc.so.2.0.7[.] talloc_alloc_pool
> +   0.55%  smbd  libc-2.13.so  [.] __memset_sse2
> +   0.53%  smbd  libc-2.13.so  [.] malloc
> +   0.53%  smbd  [kernel.kallsyms] [k] fcntl_setlk
> +   0.52%  smbd  [kernel.kallsyms] [k] get_page_from_freelist
> +   0.50%  smbd  libtalloc.so.2.0.7[.] talloc_get_name
> +   0.50%  smbd  [kernel.kallsyms] [k] tg3_start_xmit
> +   0.48%  smbd  [kernel.kallsyms] [k] memset
> +   0.47%  smbd  libc-2.13.so  [.] free
> +   0.47%  smbd  [kernel.kallsyms] [k] _raw_spin_lock
> +   0.45%  smbd  [kernel.kallsyms] [k] __d_lookup_rcu
> +   0.45%  smbd  libc-2.13.so  [.] __GI___strcmp_ssse3
> +   0.44%  smbd  libtalloc.so.2.0.7[.] _talloc_get_type_abort
> +   0.43%  smbd  [kernel.kallsyms] [k] system_call_after_swapgs
> +   0.43%  smbd  [kernel.kallsyms] [k] ext4_mark_iloc_dirty
>  +   0.42%  smbd  libtalloc.so.2.0.7[.] talloc_is_parent
> +   0.41%  smbd  [kernel.kallsyms] [k] __alloc_skb
> +   0.41%  smbd  [kernel.kallsyms] [k] __posix_lock_file
>  +   0.40%  smbd  [kernel.kallsyms] [k] __ext4_get_inode_loc
> +   0.39%  smbd  libc-2.13.so   

[Samba] Problem with squid+ntlm+samba

2013-10-02 Thread Silvio Aparecido

Hello,

First, sorry for the duplicated email; my last one had writing errors.

I'm having a little problem: after logging into the domain via samba, after a 
few minutes squid no longer authenticates the users through single 
sign-on and keeps asking for authentication in the browser without stopping.


Below are my settings and error logs.

smb.conf

[global]
workgroup = SALE
netbios name = utmadm
server string = PROXY SERVER
load printers = no
log file = /var/log/samba34/log.%m
pid directory = /var/run/samba34
max log size = 500
realm = sale.br
security = ads
auth methods = winbind
winbind separator = |
encrypt passwords = yes
winbind cache time = 300
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
idmap uid = 1-5
idmap gid = 1-5
local master = no
os level = 233
domain master = no
preferred master = no
domain logons = no
wins server = 192.168.8.202
dns proxy = no
ldap ssl = no
client use spnego = no
server signing = auto
client signing = auto
log level = 3 auth:10 winbind:10

krb5.conf

[libdefaults]
default_realm = SALE.BR
clockskew = 300
[realms]
SALE.BR = {
kdc = 192.168.0.1
default_domain = domain.local
admin_server = 192.168.0.1
}
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON

[domain_realm]
.domain.local = DOMAIN.LOCAL

[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 1

squid.conf

# Do not edit manually !
http_port 192.168.0.1:8080
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
referer_log /var/squid/logs/referer.log
logfile_rotate 0
cache_store_log none
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  192.168.0.0/255.255.255.0
uri_whitespace strip
dns_nameservers 208.67.222.222
cache_mem 8 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 100 16 256
minimum_object_size 0 KB
maximum_object_size 4 KB
offline_mode off
cache_swap_low 90
cache_swap_high 95

url_rewrite_program /usr/local/bin/redirector
url_rewrite_children 50

# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 5080 3128 1025-65535 5080 81 80 443 21 20

acl sslports port 443 563 5080 5080 81 80 443 21 20
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
acl unrestricted_hosts src "/var/squid/acl/unrestricted_hosts.acl"
acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
cache deny dynamic
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

request_body_max_size 0 KB
reply_body_max_size 0 deny all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow all

# Custom options
tcp_outgoing_address 192.168.0.1
auth_param ntlm keep_alive on

# These hosts do not have any restrictions
http_access allow unrestricted_hosts
# Always allow access to whitelist domains
http_access allow whitelist
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp

auth_param ntlm children 45
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic

auth_param basic casesensitive off
authenticate_cache_garbage_interval 10 seconds
auth_param basic children 45
auth_param basic realm Please enter your credentials to access the proxy
auth_param basic credentialsttl 600 minutes
acl password proxy_auth REQUIRED
http_access allow unrestricted_hosts
http_access allow password localnet
# Default block all to be sure
http_access deny all

My winbind_privileged

drwxr-x---   2 root  proxy   512B Oct  2 10:00 winbindd_privileged

Error logs:

[2013/10/01 19:39:44,  0] 
utils/ntlm_auth.c:833(manage_squid_ntlmssp_request)

  NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2013/10/01 19:39:44| authenticateNTLMHandleReply: Error validating user 
via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'


  Login for user [SALE]\[wellington.gomes]@[TI-06] failed due to 
[Access denied]
2013/10/01 19:37:35| authenticateNTLMHandleReply: Error validating user 
via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
[2013/10/01 19:37:35,  0] 
utils/ntlm_auth.c:833(manage_squid_ntlmssp_request)

  NTLMSSP BH: NT_STATUS_ACCESS_DENIED

[2

[Samba] Problem with squid+ntlm+samba

2013-10-02 Thread Silvio Giunge Silva
Hello,

I'm having a little problem: after logging into the domain via samba, after a few 
minutes squid no longer authenticates the users through single sign-on and 
keeps asking for authentication in the browser without stopping.
Below are my settings and error logs.
smb.conf
[global]
workgroup = SALE
netbios name = utmadm
server string = PROXY SERVER
load printers = no
log file = /var/log/samba34/log.%m
pid directory = /var/run/samba34
max log size = 500
realm = sale.br
security = ads
auth methods = winbind
winbind separator = |
encrypt passwords = yes
winbind cache time = 300
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
idmap uid = 1-5
idmap gid = 1-5
local master = no
os level = 233
domain master = no
preferred master = no
domain logons = no
wins server = 192.168.8.202
dns proxy = no
ldap ssl = no
client use spnego = no
server signing = auto
client signing = auto
log level = 3 auth:10 winbind:10
krb5.conf
[libdefaults]
default_realm = SALE.BR
clockskew = 300
[realms]
SALE.BR = {
kdc = 192.168.0.1
default_domain = domain.local
admin_server = 192.168.0.1
}
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[domain_realm]
.domain.local = DOMAIN.LOCAL
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 1
squid.conf
# Do not edit manually !
http_port 192.168.0.1:8080
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
referer_log /var/squid/logs/referer.log
logfile_rotate 0
cache_store_log none
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  192.168.0.0/255.255.255.0
uri_whitespace strip
dns_nameservers 208.67.222.222
cache_mem 8 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 100 16 256
minimum_object_size 0 KB
maximum_object_size 4 KB
offline_mode off
cache_swap_low 90
cache_swap_high 95

url_rewrite_program /usr/local/bin/redirector
url_rewrite_children 50

# Setup some default acls
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 5080 3128 1025-65535 5080 81 80 443 21 20
acl sslports port 443 563 5080 5080 81 80 443 21 20
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin \?
acl unrestricted_hosts src "/var/squid/acl/unrestricted_hosts.acl"
acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
cache deny dynamic
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

request_body_max_size 0 KB
reply_body_max_size 0 deny all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow all

# Custom options
tcp_outgoing_address 192.168.0.1
auth_param ntlm keep_alive on

# These hosts do not have any restrictions
http_access allow unrestricted_hosts
# Always allow access to whitelist domains
http_access allow whitelist
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 45
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic casesensitive off
authenticate_cache_garbage_interval 10 seconds
auth_param basic children 45
auth_param basic realm Please enter your credentials to access the proxy
auth_param basic credentialsttl 600 minutes
acl password proxy_auth REQUIRED
http_access allow unrestricted_hosts
http_access allow password localnet
# Default block all to be sure
http_access deny all
My winbind_privileged
drwxr-x---   2 root  proxy   512B Oct  2 10:00 winbindd_privileged
Error logs:
[2013/10/01 19:39:44,  0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request)
  NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2013/10/01 19:39:44| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
  Login for user [SALE]\[wellington.gomes]@[TI-06] failed due to [Access denied]
2013/10/01 19:37:35| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
[2013/10/01 19:37:35,  0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request)
  NTLMSSP BH: NT_STATUS_ACCESS_DENIED
[2013/10/01 19:36:52, 10] utils/ntlm_auth.c:2190(manage_squid_request)
  NTLMSSP BH: NT_STATUS_ACCESS_DENIED
[2013/10/01 10:30:12,  3] utils/ntlm_auth.c:329(check_plaintext_auth

[Samba] Samba Crashing

2013-10-02 Thread Wayne Andersen

I have Samba 4.0.9 installed on three Centos servers.

On my primary DC I am getting faults and core dumps.

Oct  2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.083800,  0] 
../lib/util/fault.c:72(fault_report)
Oct  2 06:10:37 dc1 smbd[1195]: 
===
Oct  2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.084493,  0] 
../lib/util/fault.c:73(fault_report)
Oct  2 06:10:37 dc1 smbd[1195]:   INTERNAL ERROR: Signal 11 in pid 1195 
(4.0.9)
Oct  2 06:10:37 dc1 smbd[1195]:   Please read the Trouble-Shooting 
section of the Samba HOWTO
Oct  2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.084928,  0] 
../lib/util/fault.c:75(fault_report)
Oct  2 06:10:37 dc1 smbd[1195]: 
===
Oct  2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.085268,  0] 
../source3/lib/util.c:810(smb_panic_s3)

Oct  2 06:10:37 dc1 smbd[1195]:   PANIC (pid 1195): internal error
Oct  2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.087348,  0] 
../source3/lib/util.c:921(log_stack_trace)

Oct  2 06:10:37 dc1 smbd[1195]:   BACKTRACE: 32 stack frames:
Oct  2 06:10:37 dc1 smbd[1195]:#0 
/usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x2b) [0xdd2bc5]
Oct  2 06:10:37 dc1 smbd[1195]:#1 
/usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x7f) [0xdd2a23]
Oct  2 06:10:37 dc1 smbd[1195]:#2 
/usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x2a) [0xb2c76c]
Oct  2 06:10:37 dc1 smbd[1195]:#3 
/usr/local/samba/lib/libsamba-util.so.0(+0x1745f) [0xb2c45f]
Oct  2 06:10:37 dc1 smbd[1195]:#4 
/usr/local/samba/lib/libsamba-util.so.0(+0x17470) [0xb2c470]

Oct  2 06:10:37 dc1 smbd[1195]:#5 [0x521400]
Oct  2 06:10:37 dc1 smbd[1195]:#6 
/usr/local/samba/lib/private/libdfs_server_ad.so(+0x1d10) [0x3efd10]
Oct  2 06:10:37 dc1 smbd[1195]:#7 
/usr/local/samba/lib/private/libdfs_server_ad.so(+0x2780) [0x3f0780]
Oct  2 06:10:37 dc1 smbd[1195]:#8 
/usr/local/samba/lib/private/libdfs_server_ad.so(dfs_server_ad_get_referrals+0x38d) 
[0x3f1409]
Oct  2 06:10:37 dc1 smbd[1195]:#9 
/usr/local/samba/lib/private/libsmbd_base.so(+0x1a1e75) [0x8cfe75]
Oct  2 06:10:37 dc1 smbd[1195]:#10 
/usr/local/samba/lib/private/libsmbd_base.so(smb_vfs_call_get_dfs_referrals+0x3d) 
[0x83a1f9]
Oct  2 06:10:37 dc1 smbd[1195]:#11 
/usr/local/samba/lib/private/libsmbd_base.so(setup_dfs_referral+0xea) 
[0x8625ca]
Oct  2 06:10:37 dc1 smbd[1195]:#12 
/usr/local/samba/lib/private/libsmbd_base.so(+0xed942) [0x81b942]
Oct  2 06:10:37 dc1 smbd[1195]:#13 
/usr/local/samba/lib/private/libsmbd_base.so(+0xee3d1) [0x81c3d1]
Oct  2 06:10:37 dc1 smbd[1195]:#14 
/usr/local/samba/lib/private/libsmbd_base.so(reply_trans2+0x8eb) [0x81cda0]
Oct  2 06:10:37 dc1 smbd[1195]:#15 
/usr/local/samba/lib/private/libsmbd_base.so(+0x120055) [0x84e055]
Oct  2 06:10:37 dc1 smbd[1195]:#16 
/usr/local/samba/lib/private/libsmbd_base.so(+0x1201e5) [0x84e1e5]
Oct  2 06:10:37 dc1 smbd[1195]:#17 
/usr/local/samba/lib/private/libsmbd_base.so(+0x120c89) [0x84ec89]
Oct  2 06:10:37 dc1 smbd[1195]:#18 
/usr/local/samba/lib/private/libsmbd_base.so(+0x121b99) [0x84fb99]
Oct  2 06:10:37 dc1 smbd[1195]:#19 
/usr/local/samba/lib/private/libsmbd_base.so(+0x121c0f) [0x84fc0f]
Oct  2 06:10:37 dc1 smbd[1195]:#20 
/usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x481) [0xdedef0]
Oct  2 06:10:37 dc1 smbd[1195]:#21 
/usr/local/samba/lib/libsmbconf.so.0(+0x371bb) [0xdee1bb]
Oct  2 06:10:37 dc1 smbd[1195]:#22 
/usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf3) 
[0x3530c3]
Oct  2 06:10:37 dc1 smbd[1195]:#23 
/usr/local/samba/lib/private/libsmbd_base.so(smbd_process+0x120c) [0x852f84]
Oct  2 06:10:37 dc1 smbd[1195]:#24 
/usr/local/samba/sbin/smbd(+0x8515) [0x496515]
Oct  2 06:10:37 dc1 smbd[1195]:#25 
/usr/local/samba/lib/libsmbconf.so.0(run_events_poll+0x481) [0xdedef0]
Oct  2 06:10:37 dc1 smbd[1195]:#26 
/usr/local/samba/lib/libsmbconf.so.0(+0x371bb) [0xdee1bb]
Oct  2 06:10:37 dc1 smbd[1195]:#27 
/usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0xf3) 
[0x3530c3]
Oct  2 06:10:37 dc1 smbd[1195]:#28 
/usr/local/samba/sbin/smbd(+0x90dc) [0x4970dc]
Oct  2 06:10:37 dc1 smbd[1195]:#29 
/usr/local/samba/sbin/smbd(main+0x1723) [0x498964]
Oct  2 06:10:37 dc1 smbd[1195]:#30 
/lib/libc.so.6(__libc_start_main+0xe6) [0xb7130ce6]
Oct  2 06:10:37 dc1 smbd[1195]:#31 
/usr/local/samba/sbin/smbd(+0x3eb1) [0x491eb1]
Oct  2 06:10:37 dc1 smbd[1195]: [2013/10/02 06:10:37.092166,  0] 
../source3/lib/dumpcore.c:317(dump_core)
Oct  2 06:10:37 dc1 smbd[1195]:   dumping core in 
/usr/local/samba/var/cores/smbd


These just started today.
For the most part things seem to be working except for the fact that I 
tried adding a new user yesterday which is unable to log in.


--
Wayne Andersen
System Administrator
Clima-Tech Corporation
direct 208-947-1849
cell 208-440-2912


[Samba] SAMBA + open LDAP + password hashing

2013-10-02 Thread Alberto Aldrigo | Ca' Tron RE

Hi everybody,

I'm running an Ubuntu server as fileserver for Osx clients using 
netatalk and now I need to add support to samba for windows clients.


Every user has an account on  open LDAP user base and every account has 
a password stored using SSHA hashing.
I would like to know if I can use the same user base with samba and how 
to configure it to use ssha instead of NT/LM or if there is an alternative.


Thanks
Bye

*Alberto*


[Samba] Cisco ISE unable to retrieve AD group list from samba 4 server

2013-10-02 Thread Andreas Oster
Hi all,

I have run into a problem with our samba4 setup. I have successfully
joined a Cisco ISE v1.1.4 (Identity Service Engine) test machine to the
samba4 AD. User authentication does work but unfortunately the ISE is
unable to fetch the AD groups from the domain controller. In the samba
logs I get the following error message when initiating the group fetch:

[2013/10/02 10:21:37.605554,  0]
../source4/cldap_server/cldap_server.c:54(cldapd_request_handler)
  Invalid CLDAP request type 16 from ipv4:10.250.12.218:51136

Has anybody had a similar problem and found a solution for it ?

Thank you for your kind help

best regards

Andreas



Re: [Samba] problem server WIN 2003 R2 - samba HP-UX

2013-10-02 Thread Andrew Bartlett
On Wed, 2013-09-25 at 14:25 +0200, Stefania Rampini wrote:
> Hello all,
>  
> I am running Samba 2.2.8a 

Stop right here.  This version is so long un-supported and out of date
it just isn't even funny.  Please upgrade to a supported release,
preferably Samba 4.0.

Your issue almost certainly relates to the lack of 'smb signing' support
in that release, but so many other things have changed in the past dozen
years that it could really be anything. 

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org

