[squid-users] smb_auth on squid 2.5 stable1 (multidomain) from lists@dont-contact.us on 2003-08-01 (squid-users)

From: <lists@dont-contact.us>
Date: Fri, 1 Aug 2003 12:23:34 +0200

Greetings,
I am battling to setup smb_auth for two domains. Before upgrading from
ver 2.4 (stock redhat 8 one), everything seemed to work. After upgrading
to Red Hat 9.0, with 2.5 Stable1, only one domain can authenticate.

When I run the authentication from the command line like:
[root@proxy root]# /usr/lib/squid/smb_auth -W DOMAIN1 -U 10.23.0.246 -W
DOMAIN2 -U 10.23.8.247 -d
interocnt\administrator password
Domain name: DOMAIN2
Pass-through authentication: no
Query address options: -U 10.23.8.247 -R
Domain controller IP address: 10.23.8.247
Domain controller NETBIOS name: DOMAIN2-PDC
Contents of //DOMAIN2-PDC/NETLOGON/proxyauth: allow
OK

All seems to work. As soon as I try this using the browser, only DOMAIN1
authenticates.

If I take a look at the logs, I get this:
1059732031.361 570 10.23.0.19 TCP_DENIED/407 1727 GET
http://www.squid-cache.org/ - NONE/- text/html
1059732043.809 3634 10.23.0.19 TCP_DENIED/407 1727 GET
http://www.squid-cache.org/ - NONE/- text/html
1059732055.153 3342 10.23.0.19 TCP_DENIED/407 1727 GET
http://www.squid-cache.org/ - NONE/- text/html
1059732060.653 3301 10.23.0.19 TCP_DENIED/407 1727 GET
http://www.squid-cache.org/ - NONE/- text/html

For domain1 I do not specify the domain name on the browser, but for
domain 2 I do like this: domain2\administrator. As I said the exact same
config used to work for 2.4.

I also did a tcpdump on the machine just to see if there is any traffic
being sent to the DOMAIN2-PDC when I try to authentite on my browser,
nothing is sent. As soon as I do this from the commandline, then I see
some traffic.

I also noticed something very strange. When I use a valid username, it
does not authenticate right. When I used an invalid one, it still does
not authenticate, right. Now, when I use DOMAIN2\user with the password
'password', then it does right through...Bug? Definitely must be because
I do not have a user like that on DOMAIN2 and tcpdump reports no
activity going to the DOMAIN2-PDC. I don't know how to check the version
number of smb_auth but ls -l reports the date as:
-rwxr-xr-x 1 root root 8960 Jan 25 2003 smb_auth

Any ideas?
Received on Fri Aug 01 2003 - 04:25:06 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:31 MST