[squid-users] NTLM_Auth: Error validating user via NTLM from KaiserM@dont-contact.us on 2004-06-16 (squid-users)

From: <KaiserM@dont-contact.us>
Date: Wed, 16 Jun 2004 11:08:11 +0200

Hello all,

i have a problem using squid / samba ntlm_auth.

Used Software:
System: RedHat Linux 7.3
Squid: squid-2.5.STABLE5-20040616 (--enable-auth="ntlm,basic" --enable-external-acl-helpers="wbinfo_group")
Samba: samba-3.0.4 (--with-winbind)

The Prozess seems to run right, but when I try to connect (via IE 6.0) i get the windown-popup window to enter my password.

When I enter my passwd, this message appears in /var/log/messages:
Jun 16 10:49:14 alkippe squid[8520]: authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'

What could this be?

When I try to auth. manuall i get this:
[root@alkippe isg]# /usr/local/samba/bin/wbinfo -a DOMAIN\\USER%passwd
plaintext password authentication succeeded
challenge/response password authentication succeeded

Logoutput squid:
Jun 16 10:48:48 alkippe squid: squid startup succeeded
[2004/06/16 10:48:48, 1] nsswitch/winbindd_util.c:add_trusted_domain(178)
  Added domain CAMPUS S-0-0
Jun 16 10:48:48 alkippe squid[8515]: Squid Parent: child process 8520 started
Jun 16 10:48:48 alkippe squid[8520]: Starting Squid Cache version 2.5.STABLE5-20040616 for i686-pc-linux-gnu...
Jun 16 10:48:48 alkippe squid[8520]: Process ID 8520
Jun 16 10:48:48 alkippe squid[8520]: With 1024 file descriptors available
Jun 16 10:48:48 alkippe squid[8520]: DNS Socket created at 0.0.0.0, port 1039, FD 5
Jun 16 10:48:48 alkippe squid[8520]: Adding nameserver 212.68.119.1 from /etc/resolv.conf
Jun 16 10:48:48 alkippe squid[8520]: Adding nameserver 212.68.119.2 from /etc/resolv.conf
Jun 16 10:48:48 alkippe squid[8520]: helperStatefulOpenServers: Starting 10 'ntlm_auth' processes
[2004/06/16 10:48:49, 1] nsswitch/winbindd_util.c:add_trusted_domain(178)
  Added domain GEN-MASTER S-1-5-21-55574991-1185813173-227697207
[2004/06/16 10:48:49, 1] nsswitch/winbindd_util.c:add_trusted_domain(178)
  Added domain BUILTIN S-1-5-32
[2004/06/16 10:48:49, 1] nsswitch/winbindd_util.c:add_trusted_domain(178)
  Added domain ALKIPPE S-1-5-21-304103064-127721489-737166496
Jun 16 10:48:50 alkippe squid[8520]: helperOpenServers: Starting 5 'ntlm_auth' processes
Jun 16 10:48:51 alkippe squid[8520]: helperOpenServers: Starting 10 'wbinfo_group.pl' processes
Jun 16 10:48:53 alkippe squid[8520]: Unlinkd pipe opened on FD 35
Jun 16 10:48:53 alkippe squid[8520]: Swap maxSize 102400 KB, estimated 7876 objects
Jun 16 10:48:53 alkippe squid[8520]: Target number of buckets: 393
Jun 16 10:48:53 alkippe squid[8520]: Using 8192 Store buckets
Jun 16 10:48:53 alkippe squid[8520]: Max Mem size: 16384 KB
Jun 16 10:48:53 alkippe squid[8520]: Max Swap size: 102400 KB
Jun 16 10:48:53 alkippe squid[8520]: Rebuilding storage in /usr/local/squid/var/cache (CLEAN)
Jun 16 10:48:53 alkippe squid[8520]: Using Least Load store dir selection
Jun 16 10:48:53 alkippe squid[8520]: Set Current Directory to /usr/local/squid/var/cache
Jun 16 10:48:53 alkippe squid[8520]: Loaded Icons.
Jun 16 10:48:53 alkippe squid[8520]: Accepting HTTP connections at 0.0.0.0, port 8080, FD 36.
Jun 16 10:48:53 alkippe squid[8520]: WCCP Disabled.
Jun 16 10:48:53 alkippe squid[8520]: Ready to serve requests.
Jun 16 10:48:53 alkippe squid[8520]: Done scanning /usr/local/squid/var/cache swaplog (0 entries)
Jun 16 10:48:53 alkippe squid[8520]: Finished rebuilding storage from disk.
Jun 16 10:48:53 alkippe squid[8520]: 0 Entries scanned
Jun 16 10:48:53 alkippe squid[8520]: 0 Invalid entries.
Jun 16 10:48:53 alkippe squid[8520]: 0 With invalid flags.
Jun 16 10:48:53 alkippe squid[8520]: 0 Objects loaded.
Jun 16 10:48:53 alkippe squid[8520]: 0 Objects expired.
Jun 16 10:48:53 alkippe squid[8520]: 0 Objects cancelled.
Jun 16 10:48:53 alkippe squid[8520]: 0 Duplicate URLs purged.
Jun 16 10:48:53 alkippe squid[8520]: 0 Swapfile clashes avoided.
Jun 16 10:48:53 alkippe squid[8520]: Took 0.7 seconds ( 0.0 objects/sec).
Jun 16 10:48:53 alkippe squid[8520]: Beginning Validation Procedure
Jun 16 10:48:53 alkippe squid[8520]: Completed Validation Procedure
Jun 16 10:48:53 alkippe squid[8520]: Validated 0 Entries
Jun 16 10:48:53 alkippe squid[8520]: store_swap_size = 0k
Jun 16 10:48:54 alkippe squid[8520]: storeLateRelease: released 0 objects
Jun 16 10:49:14 alkippe squid[8520]: authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'

PS: The same configuration runs on a other system (suse 9.0) without any problems.

Thanks for any help

Michael Kaiser
Business Unit IT-Services
Network Solutions
InfraServ Gendorf
E-Mail: mailto:KaiserM@gendorf.de
http://www.infraserv.gendorf.de
Received on Wed Jun 16 2004 - 03:08:19 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:02 MDT