[Pkg-samba-maint] Bug#307257: About winbind 3 and squid with ntlm authentication (Debian Bug #307257)

Jim Barber jim.barber at ddihealth.com
Wed May 9 09:25:48 UTC 2007

Thanks for that, I'll give it a go when I get a chance.
It looks like the approach of defining a winbindd_privileged group is fine then.

Jim Barber
DDI Health

Luca Maranzano wrote:
> Hi,
> Issue: permissions on /var/run/samba/winbindd_privileged/ and 
> /usr/bin/ntlm_auth for Squid
> I've faced this issue on my Debian 4.0 with winbind 3.0.24 and Squid 
> 2.6.12 from testing.
> I've solved in this way:
> - added the proxy user to the winbindd_privileged group
> - in /etc/squid/squid.conf
>   set "cache_effective_user proxy" but NOT "cache_effective_group proxy" 
> since from the documentation of Squid:
> #  TAG: cache_effective_group
> #       If you want Squid to run with a specific GID regardless of
> #       the group memberships of the effective user then set this
> #       to the group (or GID) you want Squid to run as. When set
> #       all other group privileges of the effective user is ignored
> #       and only this GID is effective. If Squid is not started as
> #       root the user starting Squid must be member of the specified
> #       group.
> # cache_effective_group proxy
> So if you set this option the Squid process will lose supplementary 
> group and will not have access to winbindd_privileged.
> HTH.
> Cheers,
> Luca

More information about the Pkg-samba-maint mailing list