[Pkg-samba-maint] Bug#307257: About winbind 3 and squid with ntlm authentication (Debian Bug #307257)

Luca Maranzano liuk001 at gmail.com
Wed May 9 09:12:39 UTC 2007


Issue: permissions on /var/run/samba/winbindd_privileged/ and
/usr/bin/ntlm_auth for Squid

I've faced this issue on my Debian 4.0 with winbind 3.0.24 and Squid
2.6.12from testing.

I've solved in this way:

- added the proxy user to the winbindd_privileged group
- in /etc/squid/squid.conf
  set "cache_effective_user proxy" but NOT "cache_effective_group proxy"
since from the documentation of Squid:

#  TAG: cache_effective_group
#       If you want Squid to run with a specific GID regardless of
#       the group memberships of the effective user then set this
#       to the group (or GID) you want Squid to run as. When set
#       all other group privileges of the effective user is ignored
#       and only this GID is effective. If Squid is not started as
#       root the user starting Squid must be member of the specified
#       group.
# cache_effective_group proxy

So if you set this option the Squid process will lose supplementary group
and will not have access to winbindd_privileged.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20070509/8f8ae5bc/attachment.html

More information about the Pkg-samba-maint mailing list