The OpenNET Project / Index page

[ новости /+++ | форум | wiki | теги | ]

форумы  помощь  поиск  регистрация  майллист  ВХОД  слежка  RSS
"Аунтификация в squid через DC windows 2003 server"
Вариант для распечатки  
Пред. тема | След. тема 
Форумы Samba, вопросы интеграции Unix и Windows (Public)
Изначальное сообщение [Проследить за развитием треда]

"Аунтификация в squid через DC windows 2003 server"  
Сообщение от magic (??) on 15-Авг-07, 07:26 
Привет ВСЕМ!
делаю все по стандарту...
в /etc/nsswitch.conf

passwd: files winbind nisplus
shadow: files winbind nisplus
group: files winbind nisplus

в smb.conf

winbind cache time = 15
template shell = /bin/bash
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes

workgroup = EXAMPLE
security = domain
password server = opmast.example.com
encrypt passwords = yes

добавляем машину в домен :
net rpc join -Admin

проверяем winbindd :
wbinfo -p все отлично

проверяем видит ли winbindd контроллер домена :
wbinfo -p

проверяем авторизацию пользователя:
wbinfo -a авторизация проходит

в /etc/squid/squid.conf

auth_param ntlm program /usr/lib/squid/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_resuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/lib/squid/wb_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

после этого пытаемся
wb_group -d
выдает следующее :
/wb_group[14612](wb_check_group.c:308): Can't contact winbindd. Dying


Где копать?
система:
FC-3
squid-2.5.stable6-3.rpm
samba-2.2.6 - с исходников
попробую сейчас установить все с rpm

Заранее спасибо.

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

 Оглавление

Сообщения по теме [Сортировка по времени, UBB]


1. "Аунтификация в squid через DC windows 2003 server"  
Сообщение от fank on 15-Авг-07, 13:04 
>[оверквотинг удален]
>
>
>Где копать?
>система:
>FC-3
>squid-2.5.stable6-3.rpm
>samba-2.2.6 - с исходников
>попробую сейчас установить все с rpm
>
>Заранее спасибо.

повесь strace на wb_auth
он все покажет
скорее всего, права на сокет winbindd кривоватые
ставим из пакетов и не дурим голову другим людям
хочется с исходникой - правь spec и собирай скока душе угодно

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

2. "Аунтификация в squid через DC windows 2003 server"  
Сообщение от magic (??) on 16-Авг-07, 10:54 
>повесь strace на wb_auth
>он все покажет
>скорее всего, права на сокет winbindd кривоватые
>ставим из пакетов и не дурим голову другим людям
>хочется с исходникой - правь spec и собирай скока душе угодно

при установке из пакетов ничего не изменилось делал strace...
Подскажите где может быть засада. пока попробую сделать это:

he Winbind interface changed in Samba and therefore, the winbind components of your Squid version may be don't work correctly. To enable the Squid winbind components to work correctly, before compiling squid, replace the Squid versions of winbindd_nss.h located in the squid/helpers/ directories (there are three: one in the basic_auth/winbind, one in the ntlm_auth/winbind, and one in the external_acl/winbind_group directories) with the Samba version of winbindd_nss.h found in samba/source/nsswitch.

Вот вывод strace...

strace на wb_group -d :

execve("/usr/lib/squid/wb_group", ["/usr/lib/squid/wb_group", "-d"], [/* 21 vars */]) = 0
uname({sys="Linux", node="squidtest", ...}) = 0
brk(0)                                  = 0xf7f5f000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=30522, ...}) = 0
old_mmap(NULL, 30522, PROT_READ, MAP_PRIVATE, 5, 0) = 0xf6fde000
close(5)                                = 0
open("/lib/tls/librt.so.1", O_RDONLY)   = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\300"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=51100, ...}) = 0
old_mmap(NULL, 81912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xf6fca000
old_mmap(0xf6fd2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x7000) = 0xf6fd2000
old_mmap(0xf6fd4000, 40952, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf6fd4000
close(5)                                = 0
open("/lib/tls/libpthread.so.0", O_RDONLY) = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\350"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=108424, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf6fc9000
old_mmap(NULL, 70132, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xf6fb7000
old_mmap(0xf6fc5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xd000) = 0xf6fc5000
old_mmap(0xf6fc7000, 4596, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf6fc7000
close(5)                                = 0
open("/lib/tls/libm.so.6", O_RDONLY)    = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0c\232"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=215248, ...}) = 0
old_mmap(NULL, 139424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xf6f94000
old_mmap(0xf6fb5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x20000) = 0xf6fb5000
close(5)                                = 0
open("/lib/libresolv.so.2", O_RDONLY)   = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\3\243"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=81316, ...}) = 0
old_mmap(NULL, 80040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xf6f80000
mprotect(0xf6f8f000, 18600, PROT_NONE)  = 0
old_mmap(0xf6f90000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xf000) = 0xf6f90000
old_mmap(0xf6f92000, 6312, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf6f92000
close(5)                                = 0
open("/lib/libnsl.so.1", O_RDONLY)      = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\312\244"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=96020, ...}) = 0
old_mmap(NULL, 88288, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xf6f6a000
old_mmap(0xf6f7c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x11000) = 0xf6f7c000
old_mmap(0xf6f7e000, 6368, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf6f7e000
close(5)                                = 0
open("/lib/tls/libc.so.6", O_RDONLY)    = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \217\210"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=1512400, ...}) = 0
old_mmap(NULL, 1207532, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xf6e43000
old_mmap(0xf6f64000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x120000) = 0xf6f64000
old_mmap(0xf6f68000, 7404, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf6f68000
close(5)                                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf6e42000
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf6e41000
mprotect(0xf6f64000, 8192, PROT_READ)   = 0
mprotect(0xf6f7c000, 4096, PROT_READ)   = 0
mprotect(0xf6f90000, 4096, PROT_READ)   = 0
mprotect(0xf6fb5000, 4096, PROT_READ)   = 0
mprotect(0xf6fc5000, 4096, PROT_READ)   = 0
mprotect(0xf6fd2000, 4096, PROT_READ)   = 0
mprotect(0xf6ffb000, 4096, PROT_READ)   = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xf6e416c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
munmap(0xf6fde000, 30522)               = 0
set_tid_address(0xf6e41708)             = 2321
rt_sigaction(SIGRTMIN, {0xf6fbb3a0, [], SA_RESTORER|SA_SIGINFO, 0xf6fc28a0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0xf6fbb410, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0xf6fc28a0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM_INFINITY}) = 0
_sysctl({{CTL_KERN, KERN_VERSION}, 2, 0xfee5f7b8, 30, (nil), 0}) = 0
write(2, "/wb_group[2321](wb_check_group.c"..., 39/wb_group[2321](wb_check_group.c:344): ) = 39
write(2, "External ACL winbindd group help"..., 78External ACL winbindd group helper build Oct 18 2004, 17:26:14 starting up...
) = 78
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
write(2, "/wb_group[2321](wb_check_group.c"..., 39/wb_group[2321](wb_check_group.c:308): ) = 39
write(2, "Can\'t contact winbindd. Dying\n", 30Can't contact winbindd. Dying
) = 30
exit_group(1)                           = ?


strace yf wb_auth -d :

execve("/usr/lib/squid/wb_auth", ["/usr/lib/squid/wb_auth", "-d"], [/* 21 vars */]) = 0
uname({sys="Linux", node="squidtest", ...}) = 0
brk(0)                                  = 0xf85d4000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=30522, ...}) = 0
old_mmap(NULL, 30522, PROT_READ, MAP_PRIVATE, 5, 0) = 0xf6fde000
close(5)                                = 0
open("/lib/tls/librt.so.1", O_RDONLY)   = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\300"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=51100, ...}) = 0
old_mmap(NULL, 81912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xf6fca000
old_mmap(0xf6fd2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x7000) = 0xf6fd2000
old_mmap(0xf6fd4000, 40952, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf6fd4000
close(5)                                = 0
open("/lib/tls/libpthread.so.0", O_RDONLY) = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\350"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=108424, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf6fc9000
old_mmap(NULL, 70132, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xf6fb7000
old_mmap(0xf6fc5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xd000) = 0xf6fc5000
old_mmap(0xf6fc7000, 4596, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf6fc7000
close(5)                                = 0
open("/lib/tls/libm.so.6", O_RDONLY)    = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0c\232"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=215248, ...}) = 0
old_mmap(NULL, 139424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xf6f94000
old_mmap(0xf6fb5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x20000) = 0xf6fb5000
close(5)                                = 0
open("/lib/libresolv.so.2", O_RDONLY)   = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\3\243"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=81316, ...}) = 0
old_mmap(NULL, 80040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xf6f80000
mprotect(0xf6f8f000, 18600, PROT_NONE)  = 0
old_mmap(0xf6f90000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xf000) = 0xf6f90000
old_mmap(0xf6f92000, 6312, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf6f92000
close(5)                                = 0
open("/lib/libnsl.so.1", O_RDONLY)      = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\312\244"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=96020, ...}) = 0
old_mmap(NULL, 88288, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xf6f6a000
old_mmap(0xf6f7c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x11000) = 0xf6f7c000
old_mmap(0xf6f7e000, 6368, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf6f7e000
close(5)                                = 0
open("/lib/tls/libc.so.6", O_RDONLY)    = 5
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \217\210"..., 512) = 512
fstat64(5, {st_mode=S_IFREG|0755, st_size=1512400, ...}) = 0
old_mmap(NULL, 1207532, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0xf6e43000
old_mmap(0xf6f64000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x120000) = 0xf6f64000
old_mmap(0xf6f68000, 7404, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf6f68000
close(5)                                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf6e42000
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf6e41000
mprotect(0xf6f64000, 8192, PROT_READ)   = 0
mprotect(0xf6f7c000, 4096, PROT_READ)   = 0
mprotect(0xf6f90000, 4096, PROT_READ)   = 0
mprotect(0xf6fb5000, 4096, PROT_READ)   = 0
mprotect(0xf6fc5000, 4096, PROT_READ)   = 0
mprotect(0xf6fd2000, 4096, PROT_READ)   = 0
mprotect(0xf6ffb000, 4096, PROT_READ)   = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xf6e416c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
munmap(0xf6fde000, 30522)               = 0
set_tid_address(0xf6e41708)             = 2333
rt_sigaction(SIGRTMIN, {0xf6fbb3a0, [], SA_RESTORER|SA_SIGINFO, 0xf6fc28a0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0xf6fbb410, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0xf6fc28a0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM_INFINITY}) = 0
_sysctl({{CTL_KERN, KERN_VERSION}, 2, 0xfee288e8, 30, (nil), 0}) = 0
write(2, "/wb_auth[2333](wb_basic_auth.c:1"..., 37/wb_auth[2333](wb_basic_auth.c:183): ) = 37
write(2, "basic winbindd auth helper build"..., 70basic winbindd auth helper build Oct 18 2004, 17:25:55 starting up...
) = 70
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lstat64("/var/run/winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
write(2, "/wb_auth[2333](wb_basic_auth.c:1"..., 37/wb_auth[2333](wb_basic_auth.c:160): ) = 37
write(2, "Can\'t contact winbindd. Dying\n", 30Can't contact winbindd. Dying
) = 30
exit_group(1)                           = ?


вот stat на /var/run/winbindd/pipe :

File: `/var/run/winbindd/pipe'
  Size: 0             Blocks: 8          IO Block: 4096   socket
Device: fd00h/64768d    Inode: 147830      Links: 1
Access: (0777/srwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2007-08-16 22:50:22.330318512 +0800
Modify: 2007-08-16 22:25:03.451223232 +0800
Change: 2007-08-16 22:25:03.451223232 +0800

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

Архив | Удалить

Индекс форумов | Темы | Пред. тема | След. тема
Оцените тред (1=ужас, 5=супер)? [ 1 | 2 | 3 | 4 | 5 ] [Рекомендовать для помещения в FAQ]




Спонсоры:
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2021 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру