FlusH
Squid authenticating against Win2K Active Directory
    #5850542 - 07/12/06 11:33 AM (17 years, 6 months ago)

Good day!

I am busting my head over this; I hope someone out there could point me in the right direction. (Help please!)

I am using FreeBSD 6, with squid-2.5-stable and samba 3.0.22, and Kerberos krb5.

I have compiled both squid and samba on my machine. Samba was compiled with pam, ntlm, ldap, and winbind support. Squid was compiled with ldap_auth and PF transparent proxying (I know this is not important for AD authentication, but I am using squid transparently through an if_bridge).

Kerberos is configured properly and is able to connect to my AD.

So far so good. I can then start winbindd and it does connect using "net ads join -U shaun", I can view the users and groups using either wbinfo -u or wbinfo -g and it does show everything.

When I try a wbinfo -t to check my secret, I am unable to connect.

$wbinfo -t
checking the trust secret via RPC calls failed
error code was STATUS_BUFFER_OVERFLOW (0x80000005)
Could not check secret

This is where I am stuck. ntlm_auth also does not check against the AD. I have been googling this problem for the past 3 weeks and seem to get stuck in the same place as everybody else. I have included my config files at the end of this post to hopefully help clarify any setup questions.

Thanks.

Here are the config files:
-=-=-=-=-=-=-=-=-=-
/etc/krb5.conf
[libdefaults]
ticket_lifetime = 600
default_realm = SHAUN.ADS
kdc_timesync = 0
[realms]
SHAUN.ADS = {
kdc = 192.168.0.37
}
[domain_realms]
.kerberos.server = SHAUN.ADS

I am able to connect using the command

$ kinit shaun@SHAUN.ADS
shaun@SHAUN.ADS's Password: ******
kinit: NOTICE: ticked renewable lifetime is 1 week
-=-=-=-=-=-=-=-=-=-=-

/usr/local/etc/smb.conf
[global]
workgroup=SHAUN
netbios name = Proxy Authenticator
realm = SHAUN.ADS
security = ads
encrypt passwords = no (note: I have tried both encrypted and not, and changed the AD accordingly)
password server = 192.168.0.37
winbind separator = %
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbnd use default domain = yes
panic action = "/bin/sleep 9000" (note: this is if winbindd crashes, I can do a bt and strace much easier)


-=-=-=-=-=-=-=-=-=-=-
strace of wbinfo -a:

[...]
lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/tmp/.winbindd/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_UNIX, path="/tmp/.winbindd/pipe"}, 110) = 0
getpid() = 7990
getpid() = 7990
select(4, [3], NULL, NULL, {0, 0}) = 0 (Timeout)
write(3, " \6\0\0\0\0\0\0006\37\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1568) = 1568
read(3, "\24\5\0\0\1\0\0\0\t\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) = 1300
getpid() = 7990
getpid() = 7990
select(4, [3], NULL, NULL, {0, 0}) = 0 (Timeout)
write(3, " \6\0\0)\0\0\0006\37\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1568) = 1568
read(3, "9\5\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1300) = 1300
read(3, "/var/cache/samba/winbindd_privil"..., 37) = 37
lstat64("/var/cache/samba/winbindd_privileged", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
lstat64("/var/cache/samba/winbindd_privileged/pipe", {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
socket(PF_UNIX, SOCK_STREAM, 0) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_UNIX, path="/var/cache/samba/winbindd_privileged/pipe"}, 110) = 0
close(3) = 0
select(5, [4], NULL, NULL, {0, 0}) = 0 (Timeout)
write(4, " \6\0\0\f\0\0\0006\37\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1568) = 1568
read(4, "\24\5\0\0\0\0\0\0\5\0\0\200STATUS_BUFFER_OVERFL"..., 1300) = 1300
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x401fa000
write(1, "plaintext password authenticatio"..., 41plaintext password authentication failed
) = 41
write(1, "error code was STATUS_BUFFER_OVE"..., 94error code was STATUS_BUFFER_OVERFLOW (0x80000005)
error messsage was: STATUS_BUFFER_OVERFLOW
) = 94

