[opensuse] What group permissions on winbindd_privileged are required for Squid?
In the man page of ntlm_auth, the helper program Squid uses for ntlmssp authentication, it states that Squid needs to have the correct permissions on the winbindd_privileges in order for it to authenticate: "Requires access to the directory winbindd_privileged in $LOCKDIR." I can't seem to figure out what to set it to. I am under the impression that Squid runs as user squid and group nobody. When I change the group on the directory to nobody, it still cannot authenticate: Login for user [DOMAIN]\[user]@[XXXXX] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly.] When I change the directory permissions to 755, making it world readable, it works, however this is not secure. Does anyone know what to set this to so that Squid can access it without it being world readable? What group do I need to set it to? Thanks, Anthony Simonelli -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 14 July 2009 22:57:09 Anthony Simonelli wrote:
I can't seem to figure out what to set it to. I am under the impression that Squid runs as user squid and group nobody. When I change the group on the directory to nobody, it still cannot authenticate:
As far as I know, the squid user belongs to the "nogroup" group, not "nobody". Try that Anders -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 14 July 2009 06:13:47 pm Anders Johansson wrote:
On Tuesday 14 July 2009 22:57:09 Anthony Simonelli wrote:
I can't seem to figure out what to set it to. I am under the impression that Squid runs as user squid and group nobody. When I change the group on the directory to nobody, it still cannot authenticate:
As far as I know, the squid user belongs to the "nogroup" group, not "nobody". Try that
Anders That's what it is. I was using nobody.
chgrp nogroup /var/lib/samba/winbindd_privilege chmod 750 /var/lib/samba/winbindd_privilege Restarted Squid and it works. Thank you! -- Thank you, Anthony -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (2)
-
Anders Johansson
-
Anthony Simonelli