On 20 Nov 2003, Dave Augustus wrote:
> On the browser side, I got prompted for the username/password/domain but
> always got denied after 3 times. Winbind log said:
>
> [2003/11/20 16:46:27, 2]
> nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(222)
> winbindd_pam_auth_crap: non-privileged access denied!
I think this means you have not given Squid permission to use the
privileged winbind pipe. This privileged pipe is only needed for NTLM
authentication. The best way to set up such permissions is to create a
UNIX group for the purpose, and assign the system users who should be
allowed to talk directly to the privileged parts of winbind to this group.
The Samba people thinks the low-level communication method used for NTLM
authentication is too sensitive for the domain to allow any local
application access to the function.
Regards
Henrik
Received on Thu Nov 20 2003 - 18:06:10 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:26 MST