Koozali.org: home of the SME Server

Contribs.org Forums => General Discussion => Topic started by: doot on August 03, 2010, 10:15:21 PM

Title: How-to Squid + SARG + Dansguardian + NTLM Authentication
Post by: doot on August 03, 2010, 10:15:21 PM: Hello. I am trying to make Squid use NTLM authentication to authorise users on the proxy by pulling user names from the WIN2000 - 2003 - 2008 Domain Controller.

There was a How-To on this exact topic in April 2009: http://forums.contribs.org/index.php?topic=43760.0 which I followed to the tee on the Advanced Samba install and config, but it seems I can not get Advanced Samba to pull user names or groups successfully, which in turn does not allow the rest of the How-To to work successfully.

Following the Advanced Samba contrib and installation, I successfully add the SME Server as a Domain Member, but when running the wbinfo -u or g command I get: "Error Looking up domain users"

In the wb-DOMAIN.log file, the following error is comng up:
[2010/08/03 22:15:44, 1] nsswitch/winbindd_ads.c:ads_cached_connection(128)
ads_connect for domain DOMAIN failed: No logon servers

Can anyone point me in the right direction.

thank you.
Title: Re: How-to Squid + SARG + Dansguardian + NTLM Authentication
Post by: vassili on August 09, 2010, 04:45:53 AM: Hi, please post the output of:
Code: [Select]
config show smbAlso what is the output of the command:
Code: [Select]
net rpc join -U pdc_admin_username%pdc_admin_password
Regards

Vassili
Title: Re: How-to Squid + SARG + Dansguardian + NTLM Authentication
Post by: doot on September 18, 2010, 02:16:23 PM: Apologies for the delay, the project got delayed but we are back on track now. Any help will be appreciated. See requested Outputs:

[root@sohproxy ~]# config show smb
smb=service
DeadTime=10080
KeepVersions=disabled
OpLocks=enabled
OsLevel=35
RecycleBin=disabled
RoamingProfiles=no
ServerName=sohproxy
ServerRole=DM
ShadowCount=10
ShadowDir=/home/e-smith/files/.shadow
UnixCharSet=UTF8
UseClientDriver=yes
WINSServer=10.0.1.251
Workgroup=soh
status=enabled

[root@sohproxy ~]# net rpc join -U administrator%********
Joined domain SOH.
[root@sohproxy ~]#
Title: Re: How-to Squid + SARG + Dansguardian + NTLM Authentication
Post by: vassili on September 18, 2010, 10:50:19 PM: The output seems to be in order

I am assuming that the 10.0.1.251 is your domain controller

Issue a
Code: [Select]
signal-event console-savefollowed by
Code: [Select]
signal-event post-upgrade; signal-event rebootand after that try the
Code: [Select]
wbinfo -ucommand and see it you get proper output

Regards

Vassili
Title: Re: How-to Squid + SARG + Dansguardian + NTLM Authentication
Post by: doot on September 19, 2010, 09:32:58 AM: Thank you for the response, however the problem persists and is the same as before. See "wbinfo -u" output below:

[root@sohproxy ~]# wbinfo -u
Error looking up domain users

Anything else I can look at?
Title: Re: How-to Squid + SARG + Dansguardian + NTLM Authentication
Post by: vassili on September 19, 2010, 12:50:34 PM: Also, check permissions on /var/cache/samba/winbindd_privileged they sometimes reset after update, they need to be like this:
Code: [Select]
drwxr-x--- 2 root squid 4.0K Sep 4 11:02 winbindd_privileged
Regards

Vassili
Title: Re: How-to Squid + SARG + Dansguardian + NTLM Authentication
Post by: doot on September 19, 2010, 04:53:45 PM: thanks Vassi. Permissions on the folder are as per yours, but see permissions on "pipe", is this correct group?:

[root@sohproxy samba]# ls -ld winbindd_privileged/
drwxr-x--- 2 root squid 4096 Sep 19 09:23 winbindd_privileged/
[root@sohproxy samba]# ls -lR winbindd_privileged/
winbindd_privileged/:
total 0
srwxrwxrwx 1 root root 0 Sep 19 09:23 pipe
[root@sohproxy samba]#
Title: Re: How-to Squid + SARG + Dansguardian + NTLM Authentication
Post by: vassili on September 19, 2010, 06:31:48 PM: Yes, these are the correct permissions.

The SME part seems to be in order, can you please double-check on your domain controller if you have any errors on your dns log ?