Re: [squid-users] Problems with NTLM

From: Harry Mills <harry_at_mad-cat.co.uk>
Date: Thu, 19 Apr 2012 18:52:06 +0100

Can you give any more details about what isn't working? Is it not
authenticating for https, or not able to fetch https pages?

Harry

On 19/04/2012 18:43, Wladner Klimach wrote:
> I've included squid user in the group and is working now! But https
> access is not working. Any clue of what could be causing such a
> problem?
>
> Regards,
>
> Wladner
>
> 2012/4/19 Harry Mills<harry_at_mad-cat.co.uk>:
>> On 19/04/2012 17:52, Wladner Klimach wrote:
>>>
>>> Look what I've got from cache.log from a Windows XP client :
>>>
>>> [2012/04/19 13:45:04, 0] utils/ntlm_auth.c:558(winbind_pw_check)
>>> Login for user [REDECAMARA]\[P_991064]@[CAINF-269652] failed due to
>>> [winbind client not authorized to use winbindd_pam_auth_crap. Ensure
>>> permissions on /var/lib/samba/winbindd_privileged are set correctly.]
>>> [2012/04/19 13:45:04, 0]
>>> utils/ntlm_auth.c:833(manage_squid_ntlmssp_request)
>>> 2012/04/19 13:45:04.390| authenticateNTLMHandleReply: helper:
>>> '0x12212b08' sent us 'BH NT_STATUS_ACCESS_DENIED'
>>> NTLMSSP BH: NT_STATUS_ACCESS_DENIED
>>> 2012/04/19 13:45:04.390| ntlm/auth_ntlm.cc(504) releaseAuthServer:
>>> releasing NTLM auth server '0x12212b08'
>>> 2012/04/19 13:45:04.390| authenticateNTLMHandleReply: Error validating
>>> user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
>>>
>>> What user do I have to set permission to access winbindd_privileged??
>>
>>
>> On my Redhat setup I have the following perms:
>>
>> drwxr-x--- 2 root wbpriv
>>
>> I have put the squid user into the wbpriv group.
>>
>> Regards
>>
>> Harry
>>
>>
>>
>>> regards,
>>>
>>> Wladner
>>>
>>> 2012/4/18 Simon Dwyer<mail_at_simmyd.net>:
>>>>
>>>> HI Wladner,
>>>>
>>>> I get that second message when i forget to start the winbind service.
>>>>
>>>> on Centos : service start winbind
>>>>
>>>> Simon
>>>>
>>>> On Wed, 2012-04-18 at 16:05 -0300, Wladner Klimach wrote:
>>>>>
>>>>> Hi everyone,
>>>>>
>>>>> I'm trying to implement NTLM scheme in my squid box. I've already
>>>>> configured samba and winbind so that I can check with wbinfo and even
>>>>> run /usr/bin/ntlm_auth at the shell and it works. But for some hidden
>>>>> problem squid is not having the same result. Look what is poping up at
>>>>> the cache.log:
>>>>>
>>>>> 2012/04/18 15:59:58.404| authenticateNTLMHandleReply: helper:
>>>>> '0x1fe158b8' sent us 'NA NT_STATUS_UNSUCCESSFUL'
>>>>>
>>>>> [2012/04/18 16:00:01, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172)
>>>>> could not obtain winbind netbios name!
>>>>>
>>>>> I hope some nice soul can help me!
>>>>>
>>>>> regards,
>>>>>
>>>>> Wladner
>>>>
>>>>
>>>>
>>
Received on Thu Apr 19 2012 - 17:49:49 MDT

This archive was generated by hypermail 2.2.0 : Fri Apr 20 2012 - 12:00:04 MDT