Hi Jim,
I would check:
1) can you authenticate from the squid box itself, for a given user,
using wbinfo -a ?
2) for Active Directory integration, I had to rebuild Samba3 using
kerberos 1.3.1. Redhat 9 installs with 1.2.7 which seemed to provide
inconsistent results. I don't know if this applies for you.
3) What does wbinfo -t, wbinfo -u wbinfo -g return? All three should
work. (I had a situation where -u/-g would work but not -t. Upgrading to
kerberos 1.3.1 and recompiling Samba3 fixed it.)
3) in squid.conf, are you using NT groups in Squid ACLs to allow access?
If so those groups must exist on the PDC/AD.
4) is the client a member of the same domain as the squid box?
--Dave
On Wed, 2003-12-10 at 07:11, Jim Crippen wrote:
> Hi all,
>
> I am running into a problem with squid 2.5 STABLE4 using ntlm_auth. I have
> successfully set this up on a test server with no issues and everything
> works transparently. I copied all the configs and set up samba and squid
> exactly as I did before on the production server and now IE 6.0 is prompting
> for a domain login, which doesn't accept it if you enter the
> username/password/domain. On clicking the Cancel button, I get a page the
> states Cache Access Denied, and in the cache.log I see where the
> authentication returned NT_ACCESS_DENIED from the domain controller. Any
> ideas on what might cause this? Both servers are RedHat 7.3, Samba 3.0.0,
> Squid 2-5STABLE4.
>
> Thanks,
>
> Jim Crippen
> Sr LAN Administrator
> Elite Transportation
> jcrippen@eliteint.com
>
>
Received on Wed Dec 10 2003 - 07:22:59 MST
This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:09 MST