I've discovered that the directory permission on the ntlm-socket from samba's winbind isn't enough for squid! Winbind itself doesn't startup, if you just chmod the dir! I had to chown root:squid the directory to get it working! Maybe an additional warning would be cool, after emerging squid with USE="samba kerberos". Reproducible: Always Steps to Reproduce: 1. Install squid and samba with USE="acl ads kerberos ldap samba pam winbind" 2. Configure both Servers accordingly 3. Wonder why it doesn't work! :-) Actual Results: [2009/02/25 15:48:45, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491) [26309]: request interface version [2009/02/25 15:48:45, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524) [26309]: request location of privileged pipe [2009/02/25 15:48:45, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1664) winbindd_pam_auth_crap: non-privileged access denied. ! winbindd_pam_auth_crap: Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. [2009/02/25 15:48:45, 5] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(1713) CRAP authentication for DOMAIN\user returned NT_STATUS_ACCESS_DENIED (PAM: 4)
I've got it twice now (on x86 and amd64), and have seen, that the directory gets created after the first start of winbind... therefore a comment in /etc/conf.d/samba on top (where you have to enable winbind) would probably also be helpful... btw: i'm not the only one http://forums.gentoo.org/viewtopic-t-747500-highlight-.html ;-)
Is this still an issue with the current stable samba-3.4.9?
(In reply to comment #2) > Is this still an issue with the current stable samba-3.4.9? > Closing as 3.0.x is no longer in tree and no answer was provided.