> RedHat Linux 9.0, > MIT Kerberos 1.4 built from source, > Samba 3.0.13 built from source, > Squid 2.5.STABLE7 built from source > SmartFilter 4.01. > Active Directory with Windows 2003 > > Why not use RPMs? Well - ADS support for Windows 2003 needs Kerberos > 1.3 or newer. But RedHat 9.0 has Kerberos 1.2.7 and zillions of RedHat > packages depend on it. So I need krb5 1.4 in another tree and > everything pretty much flows from that.
For what it is worth, I have this working fine against a Windows 2003 ADS with RedHat 7.3 with krb5-*-1.2.4-11.i386.rpm and on Fedora Core 3 with krb5-*-1.3.4-7.i386.rpm - however I am using Samba 3.0.2a to get around the kerberos issue. I used the information from the Squid FAQ's regarding winbind and kerberos to get mine to work (http://www.squid-cache.org/Doc/FAQ/FAQ.html#toc23.5) Looking at your squid.conf, you have stated: acl AuthorizedUsers proxy_auth REQUIRED http_access allow all AuthorizedUsers Won't 'all' get processed before AuthorizedUsers so everyone will be allowed? My http_access is just http_access allow AuthorizedUsers http_access deny all Don't know if it's what is causing your problem, but it might cause you a problem in the future? Another thing I noticed you didn't do that I did that might be causing a problem is you didn't chmod winbindd_privileged, you chgrp'd it, but not chmod it... chmod 750 /var/lib/samba/winbindd_privileged/ Failing that, I don't know why it doesn't work. Jay
