Squid + NTLM authentication failing in a Windows 2008 Domain Environment

Even the latest versions of Samba installed via yum updates have trouble talking to Windows 2008 Domain Controllers.  A partial solution was found here.

Upon an upgrade to the AD environment, winbind starts throwing errors like the one below:

Aug 16 16:20:38 ourhost winbindd[2459]:   rpc_api_pipe: Remote machine OURDOMAINCONTROLLER.ourdomain.com pipe \NETLOGON fnum 0x800areturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED

After the upgrade to Samba / winbind, squid started throwing the following authentication errors:

Aug 16 16:39:58 ourhost (ntlm_auth):   Login for user [ourdomain\[username]@[DESKTOPHOST] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly.]

In the end, it turns out that the latest Samba installation resolves this problem:

  • /etc/init.d/squid stop
  • /etc/init.d/winbind stop
  • cp /etc/samba/smb.conf /tmp/smb.conf
  • yum erase samba samba-common
  • yum install samba3x samba3x-client --disablerepo=rpmforge
  • cp /tmp/smb.conf /etc/samba/smb.conf
  • setfacl -m u:squid:rx /var/lib/samba/winbindd_privileged
  • kinit Administrator@OURDOMAIN.COM
  • net ads join -U Administrator
  • /etc/init.d/winbind start
  • wbinfo -u (to test to make sure you see user names)
  • /etc/init.d/squid start
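
A check for the setfacl step above, as an added example that is not part of the original post: it reads getfacl output and confirms that the squid account has effective read and execute on winbindd_privileged while "other" has none. The function name, exit codes and sample ACL text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_priv_acl USER reads `getfacl` text on stdin and returns:
#   0  USER has effective r-x and "other" has no access
#   1  USER lacks read or execute (ntlm_auth gets the "not authorized" error)
#   2  "other" has some access (directory is open beyond the intended accounts)
check_priv_acl() {
    awk -v want="$1" -F: '
        /^#/ || NF < 3 { next }          # skip "# file:" headers and blank lines
        {
            perm = substr($3, 1, 3)
            # getfacl appends "#effective:r--" when the mask trims an entry
            if (match($0, /#effective:/))
                perm = substr($0, RSTART + RLENGTH, 3)
        }
        $1 == "user" && $2 == want { user_perm = perm }
        $1 == "other"              { other_perm = perm }
        END {
            if (other_perm != "---") exit 2
            if (user_perm !~ /^r.x$/) exit 1
            exit 0
        }'
}

# Constructed sample: what getfacl would print after
#   setfacl -m u:squid:rx /var/lib/samba/winbindd_privileged
# (owner and group names here are assumptions, not taken from the post).
sample_after_setfacl() {
    cat <<'EOF'
# file: var/lib/samba/winbindd_privileged
# owner: root
# group: wbpriv
user::rwx
user:squid:r-x
group::r-x
mask::r-x
other::---
EOF
}

# On a real host, feed it the live ACL instead of the sample:
#   getfacl -p /var/lib/samba/winbindd_privileged | check_priv_acl squid
if sample_after_setfacl | check_priv_acl squid; then
    echo "squid has r-x on winbindd_privileged; other has no access"
fi
```

Running this after the setfacl step and again after any later Samba package update shows whether the ACL entry survived the reinstall.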
