[squid-users] Problems with squid3

Marcio Demetrio Bacci marciobacci at gmail.com
Mon Nov 30 04:44:42 UTC 2015


Hi,

I have the following problem with squid3 (3.1) on samba4:

The following messages appear in /var/log/squid3/cache.log:

2015/11/29 23:53:53| storeLateRelease: released 0 objects
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name domain^users
failed to call wbcStringToSid: WBC_ERR_INVALID_PARAM
Could not convert sid  to gid

The following commands returned "Success":
wbinfo -g
wbinfo -u
wbinfo -i <domainuser>
getent passwd
kinit user at DOMAIN
klist -l
hostname -f
hostname -d
hostname -s
net ads testjoin
ntlm_auth --help-protocol=squid-2.5-basic --domain=empresa
--username=domain-user

Here is my *smb.conf*:

[global]
  netbios name = DC1
  workgroup = EMPRESA
  security = ads
  realm = EMPRESA.COM
  encrypt passwords = yes
  dedicated keytab file = /etc/krb5.keytab
  kerberos method = secrets and keytab
  preferred master = no
  idmap config *:backend = tdb
  idmap config *:range = 1000-3000
  idmap config CMB:backend = ad
  idmap config CMB:schema_mode = rfc2307
  idmap config CMB:range = 10000-9999999

  winbind nss info = rfc2307
  winbind trusted domains only = no
  winbind use default domain = yes
  winbind enum users = yes
  winbind enum groups = yes
  winbind refresh tickets = yes

  vfs objects = acl_xattr
  map acl inherit = Yes
  store dos attributes = Yes
  username map = /etc/samba/user.map


The following is the authentication block of my *squid.conf*:

...
# NTLM
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param ntlm keep_alive on


# BASIC
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm "WEB PROXY"
auth_param basic credentialsttl 8 hours

external_acl_type ad_group %LOGIN /usr/lib/squid3/wbinfo_group.pl
...

My *krb5.conf*

#KERBEROS

[libdefaults]
    default_realm = EMPRESA.COM
        dns_lookup_kdc = false
       dns_lookup_realm = false
       ticket_lifetime = 24h

[realms]
    EMPRESA.COM = {
        kdc = DC1.EMPRESA.COM:88
        kdc = DC2.EMPRESA.COM:88
        admin_server = DC1.EMPRESA.COM:464
        default_domain = EMPRESA.COM

    }

[domain_realm]
    .empresa.com = EMPRESA.COM
    empresa.com = EMPRESA.COM
    empresa = EMPRESA.COM

[login]
    krb4_convert = true
    krb4_get_tickets = false


Does anyone have any idea?


Regards,

Márcio