# [solved-ish] winbindd/samba bug?

## SkyLeach

I'm running into permission issues using winbindd + samba for NTLM auth.

winbind complains about permissions on the named pipe socket:

```
Jul 26 20:37:25 [winbindd] [2007/07/26 20:37:25, 0] lib/util_sock.c:create_pipe_sock(1285)_

Jul 26 20:37:25 [winbindd] invalid permissions on socket directory /var/cache/samba/winbindd_privileged_

Jul 26 20:37:26 [rc-scripts] Error: starting services (see system logs)

Jul 26 20:37:26 [nmbd] [2007/07/26 20:37:26, 0] nmbd/nmbd.c:terminate(58)_

Jul 26 20:37:26 [nmbd] Got SIGTERM: going down..._

```

yet when I fix this...

```
nagger mgregory # ls -alh /var/cache/samba/winbindd_privileged

total 512

drwxr-xr-x 2 root users  72 Jul 26 20:20 .

drwxr-xr-x 5 root root  792 Jul 26 20:22 ..

srwxrwxrwx 1 root root    0 Jul 26 20:20 pipe

nagger mgregory # chmod 750 /var/cache/samba/winbindd_privileged

nagger mgregory # ls -alh /var/cache/samba/winbindd_privileged

total 512

drwxr-x--- 2 root users  72 Jul 26 20:20 .

drwxr-xr-x 5 root root  792 Jul 26 20:22 ..

srwxrwxrwx 1 root root    0 Jul 26 20:20 pipe

nagger mgregory # /etc/init.d/samba start

 * samba -> start: smbd ...                                                                                                                            [ ok ]

 * samba -> start: nmbd ...                                                                                                                            [ ok ]

 * samba -> start: winbindd ...                                                                                                                        [ ok ]

```

I get the following error in the apache error log:

```
[2007/07/26 20:42:32, 0] utils/ntlm_auth.c:winbind_pw_check(429)

  Login for user [tsn]\[mgregory]@[IT271] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly.]

[2007/07/26 20:42:32, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(603)

  NTLMSSP BH: NT_STATUS_ACCESS_DENIED

[Thu Jul 26 20:42:32 2007] [error] [client 166.108.31.193] (20014)Error string not specified yet: ntlm_auth reports Broken Helper: BH NT_STATUS_ACCESS_DENIED

```

anyone know of a patch or fix for this?

----------

## bamapookie

This worked for me, but I don't think it is the best solution.  If someone knows better, please speak up.  :Smile: 

```
cd /var/cache/samba/

chmod 755 winbindd_privileged
```

Note that the directory is owned by root:root.  I believe the ideal solution is 750 for permissions, and a different group ownership, but I don't know which group.

Edit:  It also works with permissions 750 and owner:group = root:apache.  Still don't know if this is the most secure way.  Could someone in the know please comment?

----------

## SkyLeach

 *bamapookie wrote:*   

> This worked for me, but I don't think it is the best solution.  If someone knows better, please speak up. 
> 
> ```
> cd /var/cache/samba/
> 
> ...

 

kindof works.

we need a bug on this

----------

