SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0003456: AD autentication does not work due to incorrect permissions - MantisBT Endian Bugtracker
Endian Issue Tracker

Please see now our new Bugtracker system: JIRA

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0003456Endian FirewallProxy HTTPpublic2011-02-02 09:402011-04-19 13:45
Assigned Tosimon-endian 
PlatformOSOS Version
Product Version2.4.1 
Target VersionFixed in Version 
Summary0003456: AD autentication does not work due to incorrect permissions
DescriptionI made a new installation of EFW 2.4.1 from ISO image and I restored a full working backup from a previously upgraded version of EFW 2.4 to 2.4.1;
I had to rejoin my AD PDC because the backup does not contain the shared secret mantained by the PDC.
Now AD groups are visible in access policy rules but the browser do not pass the auth dialog when a web-site is accessed.
Additional InformationPermission on /var/cache/samba/winbindd_privileged that is created rejoin the AD are not corrected because the group do not belong to squid; my permission is:

drwxr-x--- 2 root root 4096 Feb 2 10:21 winbindd_privileged

You need to restore the correct permission to have squid working:

chown -R root:squid /var/cache/samba/winbindd_privileged
restartsquid --force
Attached Files

- Relationships
duplicate of 0003293feedbacksimon-endian 2.4.1 Proxy HTTP not work with AD authentication 
duplicate of 0001963resolvedsimon-endian HTTP Proxy EFW 2.2 (updated from 2.2rc3) group policy not longer works 

-  Notes
davvidde (reporter)
2011-02-02 10:10 [^]
simon-endian (developer)
2011-03-01 12:02

looks like this is a problem if the /var/lib/samba/winbindd_privileged directory already exists with wrong permissions and owner

to fix it i think we need to fix the permissions and owner in %post of the samba-common package
simon-endian (developer)
2011-03-01 12:05

just tested the following:

- change permissions to 777 and owner to root:squid (drwxrwxrwx 2 root root 4096 Nov 24 12:20 winbindd_privileged)
- reinstall samba-common package
- owner and permission is correct (drwxr-x--- 2 root squid 4096 Nov 24 12:20 winbindd_privileged)

seams like %post script to fix the permission and owner is not required

- Issue History
Date Modified Username Field Change
2011-02-02 09:40 davvidde New Issue
2011-02-02 10:10 davvidde Note Added: 0005583
2011-02-02 10:10 davvidde Relationship added duplicate of 0003293
2011-02-02 10:10 davvidde Duplicate ID 0 => 3293
2011-02-02 10:10 davvidde Status new => resolved
2011-02-02 10:10 davvidde Resolution open => fixed
2011-02-02 10:10 davvidde Assigned To => davvidde
2011-02-23 16:00 luca-endian Assigned To davvidde =>
2011-02-23 16:00 luca-endian Status resolved => confirmed
2011-02-23 16:00 luca-endian Tag Attached: purple
2011-02-24 14:18 ra-endian Assigned To => simon-endian
2011-02-24 14:20 ra-endian Relationship added duplicate of 0001963
2011-02-24 17:41 ra-endian Severity major => block
2011-03-01 12:02 simon-endian Note Added: 0005780
2011-03-01 12:05 simon-endian Note Added: 0005781
2011-04-19 13:45 Anonymous Status confirmed => resolved
2011-04-19 13:45 Anonymous Duplicate ID 3293 => 0

Copyright © 2005-2008 Endian, SRL. All rights reserved.

Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker