Squid + NTLM authentication failing in a Windows 2008 Domain Environment

Even the latest versions of Samba via yum updates has troubles talking to Windows 2008 Domain Controllers.  A partial solution was found here.

Upon an upgrade to the AD environment, winbind starts throwing errors like the one below:

Aug 16 16:20:38 ourhost winbindd[2459]:   rpc_api_pipe: Remote machine OURDOMAINCONTROLLER.ourdomain.com pipe \NETLOGON fnum 0x800areturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED

After the upgrade to Samba / winbind, squid started throwing the following authentication errors:

Aug 16 16:39:58 ourhost (ntlm_auth):   Login for user [ourdomain\[username]@[DESKTOPHOST] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly.]

In the end, it turns out that the latest Samba installation resolves this problem:

  • /etc/init.d/squid stop
  • /etc/init.d/winbind stop
  • cp /etc/samba/smb.conf /tmp/smb.conf
  • yum erase samba samba-common
  • yum install samba3x samba3x-client –disablerepo=rpmforge
  • cp /tmp/smb.conf /etc/samba/smb.conf
  • setfacl -m u:squid:rx /var/lib/samba/winbindd_privileged
  • kinit Administrator@OURDOMAIN.COM
  • net ads join -U Administrator
  • /etc/init.d/winbind start
  • wbinfo -u (to test to make sure you see user names)
  • /etc/init.d/squid start

1 Comments

1 Pings/Trackbacks for "Squid + NTLM authentication failing in a Windows 2008 Domain Environment"

Leave a Reply