[Pkg-samba-maint] Bug#307257: About winbind 3 and squid with ntlm authentication (Debian Bug #307257)

Jim Barber jim.barber at ddihealth.com
Wed May 9 09:25:48 UTC 2007


Thanks for that, I'll give it a go when I get a chance.
It looks like the approach of defining a winbindd_privileged group is fine then.

----------
Jim Barber
DDI Health


Luca Maranzano wrote:
> Hi,
> 
> Issue: permissions on /var/run/samba/winbindd_privileged/ and 
> /usr/bin/ntlm_auth for Squid
> 
> I've faced this issue on my Debian 4.0 with winbind 3.0.24 and Squid 
> 2.6.12 from testing.
> 
> I've solved it this way:
> 
> - added the proxy user to the winbindd_privileged group
> - in /etc/squid/squid.conf
>   set "cache_effective_user proxy" but NOT "cache_effective_group proxy" 
> since from the documentation of Squid:
> 
> #  TAG: cache_effective_group
> #       If you want Squid to run with a specific GID regardless of
> #       the group memberships of the effective user then set this
> #       to the group (or GID) you want Squid to run as. When set
> #       all other group privileges of the effective user is ignored
> #       and only this GID is effective. If Squid is not started as
> #       root the user starting Squid must be member of the specified
> #       group.
> # cache_effective_group proxy
> 
> So if you set this option the Squid process will lose its supplementary 
> groups and will not have access to winbindd_privileged.
> 
> HTH.
> Cheers,
> Luca
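
A shell check for the setup described in the message above, as an added example that is not part of the original thread: it verifies that the proxy user is listed in winbindd_privileged and that squid.conf has no active cache_effective_group line. The function names and the sample files are constructed for illustration; on a real system the arguments would be /etc/squid/squid.conf and /etc/group.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# in_group GROUP_FILE GROUP USER -> 0 if USER is in GROUP's member list
in_group() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit(found ? 0 : 1) }' "$1"
}

# directive_value CONF NAME -> prints the value of an active (uncommented) NAME line
directive_value() {
    awk -v d="$2" '$1 == d { v = $2 } END { if (v != "") print v }' "$1"
}

# check_squid_winbind CONF GROUP_FILE [USER] [GROUP] -> 0 if the setup matches the mail
check_squid_winbind() {
    conf=$1 gfile=$2 user=${3:-proxy} grp=${4:-winbindd_privileged} rc=0
    if ! in_group "$gfile" "$grp" "$user"; then
        echo "FAIL: $user is not a member of $grp"; rc=1
    fi
    if [ "$(directive_value "$conf" cache_effective_user)" != "$user" ]; then
        echo "FAIL: cache_effective_user is not $user"; rc=1
    fi
    ceg=$(directive_value "$conf" cache_effective_group)
    if [ -n "$ceg" ]; then
        echo "FAIL: cache_effective_group $ceg makes Squid ignore supplementary groups"; rc=1
    fi
    return $rc
}

# Constructed sample data (not taken from a real system)
demo() {
    d=$(mktemp -d)
    printf 'proxy:x:13:\nwinbindd_privileged:x:110:proxy\n' > "$d/group"
    printf 'cache_effective_user proxy\n# cache_effective_group proxy\n' > "$d/good.conf"
    printf 'cache_effective_user proxy\ncache_effective_group proxy\n' > "$d/bad.conf"
    check_squid_winbind "$d/good.conf" "$d/group" && echo "good.conf: OK"
    check_squid_winbind "$d/bad.conf" "$d/group" || echo "bad.conf: rejected"
    rm -rf "$d"
}
demo
```

The check only reads the member list of the group file, which is the supplementary membership the message relies on.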



