SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0003456: AD autentication does not work due to incorrect permissions - MantisBT
MantisBT - Endian Firewall
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0003456Endian FirewallProxy HTTPpublic2011-02-02 09:402011-04-19 13:45
Reporterdavvidde 
Assigned Tosimon-endian 
PrioritynormalSeverityblockReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version2.4.1 
Target VersionFixed in Version 
Customer Importance
Customer Occurrences
Queue
Summary0003456: AD autentication does not work due to incorrect permissions
DescriptionI made a new installation of EFW 2.4.1 from ISO image and I restored a full working backup from a previously upgraded version of EFW 2.4 to 2.4.1;
I had to rejoin my AD PDC because the backup does not contain the shared secret mantained by the PDC.
Now AD groups are visible in access policy rules but the browser do not pass the auth dialog when a web-site is accessed.
Steps To Reproduce
Additional InformationPermission on /var/cache/samba/winbindd_privileged that is created rejoin the AD are not corrected because the group do not belong to squid; my permission is:

drwxr-x--- 2 root root 4096 Feb 2 10:21 winbindd_privileged

You need to restore the correct permission to have squid working:

chown -R root:squid /var/cache/samba/winbindd_privileged
restartsquid --force
Tagspurple
Relationships
duplicate of 0003293feedback simon-endian 2.4.1 Proxy HTTP not work with AD authentication 
duplicate of 0001963resolved simon-endian HTTP Proxy EFW 2.2 (updated from 2.2rc3) group policy not longer works 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2011-02-02 09:40davviddeNew Issue
2011-02-02 10:10davviddeNote Added: 0005583
2011-02-02 10:10davviddeRelationship addedduplicate of 0003293
2011-02-02 10:10davviddeDuplicate ID0 => 3293
2011-02-02 10:10davviddeStatusnew => resolved
2011-02-02 10:10davviddeResolutionopen => fixed
2011-02-02 10:10davviddeAssigned To => davvidde
2011-02-23 16:00luca-endianAssigned Todavvidde =>
2011-02-23 16:00luca-endianStatusresolved => confirmed
2011-02-23 16:00luca-endianTag Attached: purple
2011-02-24 14:18ra-endianAssigned To => simon-endian
2011-02-24 14:20ra-endianRelationship addedduplicate of 0001963
2011-02-24 17:41ra-endianSeveritymajor => block
2011-03-01 12:02simon-endianNote Added: 0005780
2011-03-01 12:05simon-endianNote Added: 0005781
2011-04-19 13:45AnonymousStatusconfirmed => resolved
2011-04-19 13:45AnonymousDuplicate ID3293 => 0

Notes
(0005583)
davvidde   
2011-02-02 10:10   
http://bugs.endian.com/view.php?id=3293 [^]
(0005780)
simon-endian   
2011-03-01 12:02   
looks like this is a problem if the /var/lib/samba/winbindd_privileged directory already exists with wrong permissions and owner

to fix it i think we need to fix the permissions and owner in %post of the samba-common package
(0005781)
simon-endian   
2011-03-01 12:05   
just tested the following:

- change permissions to 777 and owner to root:squid (drwxrwxrwx 2 root root 4096 Nov 24 12:20 winbindd_privileged)
- reinstall samba-common package
- owner and permission is correct (drwxr-x--- 2 root squid 4096 Nov 24 12:20 winbindd_privileged)

seams like %post script to fix the permission and owner is not required