[Pkg-samba-maint] Bug#307257: About winbind 3 and squid with ntlm
authentication (Debian Bug #307257)
Luca Maranzano
liuk001 at gmail.com
Wed May 9 09:12:39 UTC 2007
Hi,
Issue: permissions on /var/run/samba/winbindd_privileged/ and
/usr/bin/ntlm_auth for Squid
I've faced this issue on my Debian 4.0 with winbind 3.0.24 and Squid
2.6.12from testing.
I've solved in this way:
- added the proxy user to the winbindd_privileged group
- in /etc/squid/squid.conf
set "cache_effective_user proxy" but NOT "cache_effective_group proxy"
since from the documentation of Squid:
# TAG: cache_effective_group
# If you want Squid to run with a specific GID regardless of
# the group memberships of the effective user then set this
# to the group (or GID) you want Squid to run as. When set
# all other group privileges of the effective user is ignored
# and only this GID is effective. If Squid is not started as
# root the user starting Squid must be member of the specified
# group.
# cache_effective_group proxy
So if you set this option the Squid process will lose supplementary group
and will not have access to winbindd_privileged.
HTH.
Cheers,
Luca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20070509/8f8ae5bc/attachment.html
More information about the Pkg-samba-maint
mailing list