Gentoo Forums
[solved-ish] winbindd/samba bug?
SkyLeach
Posted: Fri Jul 27, 2007 12:44 am    Post subject: [solved-ish] winbindd/samba bug?

I'm running into permission issues using winbindd + samba for NTLM auth.

winbind complains about permissions on the named pipe socket:
Code:
Jul 26 20:37:25 [winbindd] [2007/07/26 20:37:25, 0] lib/util_sock.c:create_pipe_sock(1285)_
Jul 26 20:37:25 [winbindd] invalid permissions on socket directory /var/cache/samba/winbindd_privileged_
Jul 26 20:37:26 [rc-scripts] Error: starting services (see system logs)
Jul 26 20:37:26 [nmbd] [2007/07/26 20:37:26, 0] nmbd/nmbd.c:terminate(58)_
Jul 26 20:37:26 [nmbd] Got SIGTERM: going down..._

Yet when I fix this...
Code:
nagger mgregory # ls -alh /var/cache/samba/winbindd_privileged
total 512
drwxr-xr-x 2 root users  72 Jul 26 20:20 .
drwxr-xr-x 5 root root  792 Jul 26 20:22 ..
srwxrwxrwx 1 root root    0 Jul 26 20:20 pipe
nagger mgregory # chmod 750 /var/cache/samba/winbindd_privileged
nagger mgregory # ls -alh /var/cache/samba/winbindd_privileged
total 512
drwxr-x--- 2 root users  72 Jul 26 20:20 .
drwxr-xr-x 5 root root  792 Jul 26 20:22 ..
srwxrwxrwx 1 root root    0 Jul 26 20:20 pipe
nagger mgregory # /etc/init.d/samba start
 * samba -> start: smbd ...                                                                                                                            [ ok ]
 * samba -> start: nmbd ...                                                                                                                            [ ok ]
 * samba -> start: winbindd ...                                                                                                                        [ ok ]


I get the following error in the apache error log:

Code:
[2007/07/26 20:42:32, 0] utils/ntlm_auth.c:winbind_pw_check(429)
  Login for user [tsn]\[mgregory]@[IT271] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly.]
[2007/07/26 20:42:32, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(603)
  NTLMSSP BH: NT_STATUS_ACCESS_DENIED
[Thu Jul 26 20:42:32 2007] [error] [client 166.108.31.193] (20014)Error string not specified yet: ntlm_auth reports Broken Helper: BH NT_STATUS_ACCESS_DENIED


Anyone know of a patch or fix for this?
_________________
-SL

http://www.skyleach.org


Last edited by SkyLeach on Wed Sep 05, 2007 3:46 am; edited 1 time in total
bamapookie
Posted: Tue Jul 31, 2007 1:24 pm

This worked for me, but I don't think it is the best solution. If someone knows better, please speak up. :)

Code:
cd /var/cache/samba/
chmod 755 winbindd_privileged


Note that the directory is owned by root:root. I believe the ideal solution is 750 for permissions, and a different group ownership, but I don't know which group.

Edit: It also works with permissions 750 and owner:group = root:apache. Still don't know if this is the most secure way. Could someone in the know please comment?
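
A check for the settings discussed in this thread, as an added example that is not part of any post here and is not Samba's own code: it audits the directory for root ownership, mode 750, and membership of the ntlm_auth helper account in the directory's group. The `apache` account name in the usage comment and the reliance on GNU `stat -c` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit the winbindd privileged pipe dir.
# audit_priv_dir DIR "HELPER_GIDS" [OWNER_UID]
#   HELPER_GIDS  output of `id -G <account>` for the account running ntlm_auth
#   OWNER_UID    expected owner of DIR, default 0 (root)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_priv_dir() {
    dir=$1 helper_gids=$2 owner_uid=${3:-0} findings=0

    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }

    # Assumes GNU stat: octal mode, owner uid, group gid.
    set -- $(stat -c '%a %u %g' "$dir")
    mode=$1 uid=$2 gid=$3

    if [ "$uid" != "$owner_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $owner_uid"
        findings=1
    fi

    # The pipe itself is srwxrwxrwx in the listing above, so the directory
    # bits are the only gate in front of it.
    case $mode in
        750) ;;
        *[1-7]) echo "FAIL: mode $mode grants access to users outside the group"
                findings=1 ;;
        *)      echo "FAIL: mode $mode, expected 750"
                findings=1 ;;
    esac

    # The helper reaches the pipe through the group r-x bits.
    case " $helper_gids " in
        *" $gid "*) ;;
        *) echo "FAIL: helper account is not in gid $gid (NT_STATUS_ACCESS_DENIED)"
           findings=1 ;;
    esac
    return $findings
}

# Stand-alone use; "apache" is an assumed account name:
#   sh audit.sh /var/cache/samba/winbindd_privileged apache
if [ $# -ge 2 ]; then
    audit_priv_dir "$1" "$(id -G "$2")" && echo "OK: $1"
fi
```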
SkyLeach
Posted: Wed Sep 05, 2007 3:45 am

bamapookie wrote:
This worked for me, but I don't think it is the best solution. If someone knows better, please speak up. :)

Code:
cd /var/cache/samba/
chmod 755 winbindd_privileged


Note that the directory is owned by root:root. I believe the ideal solution is 750 for permissions, and a different group ownership, but I don't know which group.

Edit: It also works with permissions 750 and owner:group = root:apache. Still don't know if this is the most secure way. Could someone in the know please comment?


Kind of works.

We need a bug on this.
_________________
-SL

http://www.skyleach.org