Koozali.org: home of the SME Server

How-to Squid + SARG + Dansguardian + NTLM Authentication

Offline doot

How-to Squid + SARG + Dansguardian + NTLM Authentication
« on: August 03, 2010, 10:15:21 PM »
Hello. I am trying to make Squid use NTLM authentication to authorise users on the proxy by pulling user names from the WIN2000 - 2003 - 2008 Domain Controller.

There was a How-To on this exact topic in April 2009: http://forums.contribs.org/index.php?topic=43760.0 which I followed to a tee on the Advanced Samba install and config, but it seems I cannot get Advanced Samba to pull user names or groups successfully, which in turn does not allow the rest of the How-To to work successfully.

Following the Advanced Samba contrib and installation, I successfully add the SME Server as a Domain Member, but when running the wbinfo -u or g command I get: "Error Looking up domain users"

In the wb-DOMAIN.log file, the following error is coming up:
[2010/08/03 22:15:44, 1] nsswitch/winbindd_ads.c:ads_cached_connection(128)
  ads_connect for domain DOMAIN failed: No logon servers

Can anyone point me in the right direction?

Thank you.

Offline vassili

Re: How-to Squid + SARG + Dansguardian + NTLM Authentication
« Reply #1 on: August 09, 2010, 04:45:53 AM »
Hi, please post the output of:
Code:
config show smb
Also, what is the output of the command:
Code:
net rpc join -U pdc_admin_username%pdc_admin_password

Regards

Vassili

Offline doot

Re: How-to Squid + SARG + Dansguardian + NTLM Authentication
« Reply #2 on: September 18, 2010, 02:16:23 PM »
Apologies for the delay, the project got delayed but we are back on track now. Any help will be appreciated. See requested Outputs:

[root@sohproxy ~]# config show smb
smb=service
    DeadTime=10080
    KeepVersions=disabled
    OpLocks=enabled
    OsLevel=35
    RecycleBin=disabled
    RoamingProfiles=no
    ServerName=sohproxy
    ServerRole=DM
    ShadowCount=10
    ShadowDir=/home/e-smith/files/.shadow
    UnixCharSet=UTF8
    UseClientDriver=yes
    WINSServer=10.0.1.251
    Workgroup=soh
    status=enabled

[root@sohproxy ~]# net rpc join -U administrator%********
Joined domain SOH.
[root@sohproxy ~]#

Offline vassili

Re: How-to Squid + SARG + Dansguardian + NTLM Authentication
« Reply #3 on: September 18, 2010, 10:50:19 PM »
The output seems to be in order.

I am assuming that 10.0.1.251 is your domain controller.

Issue a
Code:
signal-event console-save
followed by
Code:
signal-event post-upgrade; signal-event reboot
and after that try the
Code:
wbinfo -u
command and see if you get proper output.

Regards

Vassili

Offline doot

Re: How-to Squid + SARG + Dansguardian + NTLM Authentication
« Reply #4 on: September 19, 2010, 09:32:58 AM »
Thank you for the response, however the problem persists and is the same as before. See "wbinfo -u" output below:

[root@sohproxy ~]# wbinfo -u
Error looking up domain users

Anything else I can look at?

Offline vassili

Re: How-to Squid + SARG + Dansguardian + NTLM Authentication
« Reply #5 on: September 19, 2010, 12:50:34 PM »
Also, check permissions on /var/cache/samba/winbindd_privileged; they sometimes reset after an update. They need to be like this:
Code:
drwxr-x---  2 root squid 4.0K Sep  4 11:02 winbindd_privileged

Regards

Vassili

Offline doot

Re: How-to Squid + SARG + Dansguardian + NTLM Authentication
« Reply #6 on: September 19, 2010, 04:53:45 PM »
Thanks Vassi. Permissions on the folder are as per yours, but see permissions on "pipe"; is this the correct group?

[root@sohproxy samba]# ls -ld winbindd_privileged/
drwxr-x---  2 root squid 4096 Sep 19 09:23 winbindd_privileged/
[root@sohproxy samba]# ls -lR winbindd_privileged/
winbindd_privileged/:
total 0
srwxrwxrwx  1 root root 0 Sep 19 09:23 pipe
[root@sohproxy samba]#

Offline vassili

Re: How-to Squid + SARG + Dansguardian + NTLM Authentication
« Reply #7 on: September 19, 2010, 06:31:48 PM »
Yes, these are the correct permissions.

The SME part seems to be in order. Can you please double-check on your domain controller whether you have any errors in your DNS log?
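
The permission check discussed in Replies #5 to #7, as an added example that is not part of any post in the thread: a shell function that audits the directory guarding winbindd's privileged pipe against the values quoted above (owner root, group squid, mode drwxr-x---). The function name and its arguments are hypothetical, GNU `stat` is assumed, and the demo at the end runs on a constructed temporary directory rather than the real Samba path.

```shell
#!/bin/sh
# Added example: audit the directory that guards winbindd's privileged pipe.
# Expected values (root, squid, mode 750) come from the thread; the function
# name and arguments are hypothetical. Requires GNU stat (-c).
check_winbindd_priv() {
    dir=$1; want_owner=$2; want_group=$3; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }
    mode=$(stat -c '%a' "$dir")     # octal mode, e.g. 750
    owner=$(stat -c '%U' "$dir")
    group=$(stat -c '%G' "$dir")
    if [ "$mode" != "750" ]; then
        echo "FAIL: mode is $mode, expected 750 (drwxr-x---)"; rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner"; rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "FAIL: group is $group, expected $want_group"; rc=1
    fi
    # The socket itself is world-writable (srwxrwxrwx) by design; access is
    # gated by the 750 directory, so only the directory mode is enforced.
    if [ -e "$dir/pipe" ] && [ ! -S "$dir/pipe" ]; then
        echo "FAIL: $dir/pipe exists but is not a socket"; rc=1
    elif [ ! -e "$dir/pipe" ]; then
        echo "NOTE: $dir/pipe not present (is winbindd running?)"
    fi
    [ "$rc" -eq 0 ] && echo "OK: $dir is $owner:$group mode $mode"
    return "$rc"
}

# Constructed demo: a temporary directory with permissions "reset" to 755.
demo=$(mktemp -d)
chmod 755 "$demo"
check_winbindd_priv "$demo" "$(stat -c '%U' "$demo")" "$(stat -c '%G' "$demo")" \
    || echo "-> directory needs chmod 750 and the proxy's group"
rm -rf "$demo"
```

On the server from the thread the call would be `check_winbindd_priv /var/cache/samba/winbindd_privileged root squid`.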