[squid-users] Problems with squi3

Marcio Demetrio Bacci marciobacci at gmail.com
Mon Nov 30 04:44:42 UTC 2015


I have the following problem with squid3 (3.1) on samba4:

In  /var/log/squid3/cache.log  appear this information:

2015/11/29 23:53:53| storeLateRelease: released 0 objects
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name domain^users
failed to call wbcStringToSid: WBC_ERR_INVALID_PARAM
Could not convert sid  to gid

The followings commands returned "Success"
wbinfo -g
wbinfo -u
wbinfo -i <domainuser>
getent passwd
kinit user at DOMAIN
klist -l
hostname -f
hostname -d
hostname -s
net ads testjoin
ntlm_auth --help-protocol=squid-2.5-basic --domain=empresa

Here is my* smb.conf*

  netbios name = DC1
  workgroup = EMPRESA
  security = ads
  realm = EMPRESA.COM
  encrypt passwords = yes
  dedicated keytab file = /etc/krb5.keytab
  kerberos method = secrets and keytab
  preferred master = no
  idmap config *:backend = tdb
  idmap config *:range = 1000-3000
  idmap config CMB:backend = ad
  idmap config CMB:schema_mode = rfc2307
  idmap config CMB:range = 10000-9999999

  winbind nss info = rfc2307
  winbind trusted domains only = no
  winbind use default domain = yes
  winbind enum users = yes
  winbind enum groups = yes
  winbind refresh tickets = yes

  vfs objects = acl_xattr
  map acl inherit = Yes
  store dos attributes = Yes
  username map = /etc/samba/user.map

Following the authentication block of my *squid.conf*

auth_param ntlm program /usr/bin/ntlm_auth
auth_param ntlm children 20
auth_param ntlm keep_alive on

auth_param basic program /usr/bin/ntlm_auth
auth_param basic children 5
auth_param basic realm "WEB PROXY"
auth_param basic credentialsttl 8 hours

external_acl_type ad_group %LOGIN /usr/lib/squid3/wbinfo_group.pl

My *krb5.conf*


    default_realm = EMPRESA.COM
        dns_lookup_kdc = false
       dns_lookup_realm = false
       ticket_lifetime = 24h

        kdc = DC1.EMPRESA.COM:88
        kdc = DC2.EMPRESA.COM:88
        admin_server = DC1.EMPRESA.COM:464
        default_domain = EMPRESA.COM


    .empresa.com = EMPRESA.COM
    empresa.com = EMPRESA.COM
    empresa = EMPRESA.COM

    krb4_convert = true
    krb4_get_tickets = false

Does anyone have any idea?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151130/1cdf72d4/attachment.html>

More information about the squid-users mailing list