Web lists-archives.com

Re: [Samba] samba 4.10 + SQUID 4.6 (FreeBSD) Fresh install - Error ownership folder




On Thu, 18 Apr 2019 18:33:03 -0300
Kontrol-Suporte via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello everyone,
> 
> Just made a brand new installation of the Samba 4.10 for FreeBSD (got
> it from FreeNAS project) and it worked very well but I am facing some
> issues while working with it + Squid 4.6
> 
> Here is the thing.  I could Join the machine to my Domain with
> absolutely no problems. I also created the Kerberos keytab, etc.
> 
> For some reason, the Squid Helpers are showing an error message, like
> the one below.
> 
> Although, NTLM helper is working fine and authenticating with no
> errors, Kerberos helper is not working at all and it fails crashing
> the Squid as it Terminated abnormally.
> 
>  
> 
> Here is my smb4.conf file, just in case I am using any
> deprecated/Invalid configuration.

Not so much deprecated or invalid, but un-needed/missing ?

Remove the defaults:

[global]
    workgroup = DOMAIN
    realm  = DOMAIN.CORP
    security = ads

    idmap config DOMAIN : backend = rid
    idmap config DOMAIN : range = 10000-20000

    template shell = /bin/bash
    winbind offline logon = yes
    winbind refresh tickets = yes
    winbind use default domain = yes
    log level = 3 passdb:5 winbind:3
    printcap name = /dev/null
    load printers = no
    printing = bsd
    local master = no
    kerberos method = secrets and keytab

[homes]
    comment = Home Directories
    valid users = %s, %D%W%S
    browseable = no
    read only = no
    inherit acls = yes

The missing:

    idmap config * : backend = tdb
    idmap config * : range = 3999-7999 

>  
> 
> I know it seems something wrong with SQUID, not SAMBA 4.10, but I am
> just wondering if I committed any mistake during the configuration
> process.

The probably missing (part 2):

    ntlm auth = mschapv2-and-ntlmv2-only

Not sure what Samba version you used last, but NTLMv1 is now turned off
by default.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba