RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 797571 - squid userid not added to wbpriv group
Summary: squid userid not added to wbpriv group
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: squid
Version: 6.2
Hardware: All
OS: Linux
unspecified
low
Target Milestone: rc
: ---
Assignee: Michal Luscon
QA Contact: Dalibor Pospíšil
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-26 19:35 UTC by Mark Orenstein
Modified: 2013-02-21 08:39 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 584161
Environment:
Last Closed: 2013-02-21 08:39:38 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0505 0 normal SHIPPED_LIVE Moderate: squid security and bug fix update 2013-02-20 21:30:33 UTC

Description Mark Orenstein 2012-02-26 19:35:25 UTC 
+++ This bug was initially created as a clone of Bug #584161 +++

If samba-winbind is installed first, then the squid install should add itself to the wbpriv group.  Conversely, if squid is installed first, then the samba-winbind install should add squid to the wbpriv group.  Seems like a regression from Fedora 14

Description of problem: If squid is installed before samba-winbind, then the wbpriv group, when created, does not include squid.  This results in ntlm_auth calls by squid failing. "failed due to [winbind client not authorized to use winbindd_pam_auth_auth_crap. Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly." 

Installing samba-winbind first resolves the problem


Version-Release number of selected component (if applicable): Fedora 12 x86_64 updated 2010/04/20.

How reproducible: Always


Steps to Reproduce:
1.During anaconda install check off squid
2.After Fedora is installed, yum install samba-squid
3.
  
Actual results: In /etc/group with corresponding gshadow
wbpriv:x:88:

Expected results: In /etc/group with corresponding gshadow
wbpriv:x:88:squid


Additional info:

--- Additional comment from sjensen on 2010-09-04 02:52:27 EDT ---

Same here on F13

--- Additional comment from fedora-admin-xmlrpc on 2010-10-08 10:44:07 EDT ---

This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

--- Additional comment from gdeschner on 2010-10-08 10:57:40 EDT ---

Reassigning to squid

--- Additional comment from jskala on 2010-10-14 09:16:31 EDT ---

I've renewed trigger in squid.spec then I've extended it about this lines:

if ! getent group wbpriv >/dev/null 2>&1 ; then
  /usr/sbin/groupadd -g 88 wbpriv >/dev/null 2>&1 || :
fi

It works fine for me.

This trigger is invoked when samba-common (required by samba-winbind) is installed/upgraded.

I've made a build in rawhide and the one should be available to test in rawhide repository in next hours. Please, give me a feedback. I'll backport it into f14 and olders when it works fine.

Guenther, is this extension fine for you? What about the same conditional group 'wbpriv' insertion in samba-common subpackage?

--- Additional comment from ssorce on 2010-10-14 10:32:39 EDT ---

Jiri we discussed exactly this approach a few days ago.
Can you open a samba bug (maybe just clone) so that we can make sure to remember to do the change on our side?

--- Additional comment from updates on 2010-10-18 03:37:40 EDT ---

squid-3.1.8-2.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/squid-3.1.8-2.fc14

--- Additional comment from updates on 2010-10-18 03:37:47 EDT ---

squid-3.1.8-2.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/squid-3.1.8-2.fc13

--- Additional comment from updates on 2010-10-18 16:54:09 EDT ---

squid-3.1.8-2.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update squid'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/squid-3.1.8-2.fc14

--- Additional comment from updates on 2010-11-01 16:47:29 EDT ---

squid-3.1.8-2.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

--- Additional comment from updates on 2010-11-01 16:52:06 EDT ---

squid-3.1.8-2.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 1 Jiri Skala 2012-02-27 07:44:05 UTC 
As is mentioned above this is adding a trigger to spec file.
Comment 8 errata-xmlrpc 2013-02-21 08:39:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0505.html
Note You need to log in before you can comment on or make changes to this bug.