From: Alexander Bokovoy <a.bokovoy@sam-solutions.net>
To: sisyphus@altlinux.ru
Subject: Re: [sisyphus] Re: I: new samba3 build
Date: Tue, 29 Apr 2003 15:20:47 +0300
Message-ID: <20030429122047.GB18909@sam-solutions.net> (raw)
In-Reply-To: <20030429144458.64c3e1c7.grisxa@mail.ru>
On Tue, Apr 29, 2003 at 02:44:58PM +0400, Grigory Batalov wrote:
> On Tue, 29 Apr 2003 12:01:47 +0300
> Alexander Bokovoy <a.bokovoy@sam-solutions.net> wrote:
>
> > > [2003/04/29 08:22:17, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(284)
> > > Got user=[LIN] domain=[UPRAV_NT] workstation=[DB] len1=24 len2=24
> > > [2003/04/29 08:22:17, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(311)
> > > NTLMSSP NT_STATUS_ACCESS_DENIED
> > а wbinfo -a user%password работает?
>
> wbinfo -a user%password от имени bga - нет,
Естественно, Вы же не в группе winbind.
> sudo wbinfo -a user%password - да
И это понятно.
> > > (wb_ntlmauth)[28789](wb_ntlm_auth.c:60): sending 'NA UPRAV_NT\LIN auth failure because: Authentication Failure (winbind client not authorized to use winbindd_pam_auth_crap)' to squid
> > >
> > > Т.е. всё-таки недостаточно прав?
> > Недостаточно. У меня собственно вопрос -- по каким все же пользователем
> > запущен этот процесс 28789?
>
> По информации из /proc/<pid>/status - uid = squid, gid = squid.
Теперь дайте мне результат команды
id squid
> cache_effective_user squid
> cache_effective_group winbind
>
> и все директории squid-a перевёл в gid = winbind
> (иначе squid не может прочесть конфиги и писать логи).
> Соответственно, процессы ntlm_auth стали uid = squid,
> gid = winbind. В таком варианте работает! Учитывая, что
>
> $ ls -l /var/cache/samba/ | grep winbindd_privileged
> drwxr-x--- 2 root winbind 55 Апр 29 14:33 winbindd_privileged
>
> мне это кажется вполне логичным =).
> Хотя это не то, чего я добивался, так что ещё подумаю.
Да, это не то.
--
/ Alexander Bokovoy
---
Reading is to the mind what exercise is to the body.
next prev parent reply other threads:[~2003-04-29 12:20 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-04-25 16:40 [sisyphus] " Alexander Bokovoy
2003-04-28 13:06 ` [sisyphus] " Grigory Batalov
2003-04-28 13:24 ` Alexander Bokovoy
2003-04-29 4:30 ` Grigory Batalov
2003-04-29 9:01 ` Alexander Bokovoy
2003-04-29 10:44 ` Grigory Batalov
2003-04-29 12:20 ` Alexander Bokovoy [this message]
2003-04-29 13:28 ` [sisyphus] " Grigory Batalov
2003-04-29 13:38 ` Alexander Bokovoy
2003-04-29 13:38 ` [sisyphus] wbinfo -g | -u (was: I: new samba3 build) Grigory Batalov
2003-04-29 14:14 ` Alexander Bokovoy
2003-04-30 5:19 ` Grigory Batalov
2003-04-30 7:10 ` Alexander Bokovoy
2003-04-30 7:57 ` Grigory Batalov
2003-04-30 9:41 ` Alexander Bokovoy
2003-04-30 11:55 ` [sisyphus] failed to parse NTLMSSP " Grigory Batalov
2003-04-30 12:45 ` Alexander Bokovoy
2003-04-30 15:08 ` [sisyphus] Kernel Alexander Blagin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030429122047.GB18909@sam-solutions.net \
--to=a.bokovoy@sam-solutions.net \
--cc=sisyphus@altlinux.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Sisyphus discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus/0 sisyphus/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus sisyphus/ http://lore.altlinux.org/sisyphus \
sisyphus@altlinux.ru sisyphus@altlinux.org sisyphus@lists.altlinux.org sisyphus@lists.altlinux.ru sisyphus@lists.altlinux.com sisyphus@linuxteam.iplabs.ru sisyphus@list.linux-os.ru
public-inbox-index sisyphus
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git