Hi all,
I'm trying to replace ISA with the clearly superior squid and am
having some problems getting NTLM authentication working.
Squid works, and the box in on our domain after following the
following instructions:
http://wiki.squid-cache.org/ConfigExamples/WindowsAuthenticationNTLM?highlight=%28ntlm%29
wbinfo -u lists all our users, and manually doing executing ntlm_auth
--username=dhope returns success. However, in my cache.log I get:
[2007/08/22 10:45:50, 0] utils/ntlm_auth.c:winbind_pw_check(429)
Login for user [DOMAIN]\[dhope]@[DAVE-LAPTOP] failed due to [winbind
client not authorized to use winbindd_pam_auth_crap. Ensure
permissions on /var/run/samba/winbin
dd_privileged are set correctly.]
[2007/08/22 10:45:50, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(603)
NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2007/08/22 10:45:50| authenticateNTLMHandleReply: Error validating
user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
At that point, I get an authentication dialog pop up client side.
After providing correct details, I then get the following in the log
[2007/08/22 10:52:22, 0] utils/ntlm_auth.c:winbind_pw_check(429)
Login for user [DOMAIN]\[dhope]@[DAVE-LAPTOP] failed due to [winbind
client not authorized to use winbindd_pam_auth_crap. Ensure
permissions on /var/run/samba/winbindd_privileged are set correctly.]
2007/08/22 10:52:22| authenticateNTLMHandleReply: Error validating
user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
Ownership of /var/run/samba is root:winbindd_priviledged. I've added
the user Squid runs as (proxy) to the group but still get the error.
Does anyone have any suggestions as to how i can try and diagnose this
problem further?
Thanks,
Dave
Received on Wed Aug 22 2007 - 03:54:59 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:03 MDT