[squid-users] Problems with wb_ntlmauth

Hi

I've been banging my head against a wall for too long and I
hope someone can enlighten me as to what I am doing wrong. I
have been trying to get a squid proxy (using NT4 domain
logons) working on a RHEL WS 3.0 server and had some success
using basic authentication. The problem is that I want to
pass the login details to Websense Enterprise for content
filtering which requires the use of wb_ntlmauth.

I have some documentation provided by Websense that says I
need to ensure that Samba is built with --with-winbind and
--with-winbind-auth-challenge (which it is - now) and also
gave me the chunk of squid.conf to make it work:

auth_param ntlm program /usr/lib/squid/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic children 5
auth_param basic realm Salvesen Proxy
auth_param basic credentialsttl 2 hours

This passes verification and starts up okay but whenever a
client tries to connect I see the following in cache.log:

(wb_ntlmauth)[2818](wb_ntlm_auth.c:414): Can't contact
winbindd. Dying

The wbinfo command works with -t, -u, -g, -a
getent passwd and getent group both work
I can connect to shares with my desktop PC and open Server
Manager
I just can't understand why it is not working...

I am running Samba/winbindd version 3.0.7-1.3E and Squid
2.5.STABLE3, both provided by RedHat

-- 
Ian Large

--------------------------------------------------------------------------------

For information on Christian Salvesen visit our website at www.salvesen.com.

The information contained in this e-mail is strictly confidential and for the use of the addressee only; it may also be legally privileged and / or price sensitive.  Notice is hereby given that any disclosure, use or copying of the information by anyone other than the intended recipient is prohibited and may be illegal.  If you have received this message in error, please notify the sender immediately by return e-mail.

Christian Salvesen has taken every reasonable precaution to ensure that any attachment to this e-mail has been swept for viruses.  However, we cannot accept liability for any damage sustained as a result of software viruses and would advise that you carry out your own virus checks before opening any attachment.

Christian Salvesen is a trading name of the Christian Salvesen Group.  Christian Salvesen PLC (Company number SC7173) is the ultimate holding company within the Christian Salvesen Group whose registered office is at 16 Charlotte Square, Edinburgh EH2 4DF.