[squid-users] Squid NTLM authentication problem NT domain

From: nikolay nenchev <koljoman@dont-contact.us>
Date: Tue, 1 Feb 2005 18:14:51 +0200 (EET)

Hi,
I have search in faq and mailing list about this problem and the only solution was with the premission in winbindd_privileged/pipe. So I'm going to discribe my situation:

I have install samba 3.0.10 with
 ./configure --with-winbind
smb.conf:
[global]
   workgroup = mylan
   server string = Samba Server
   security = domain
   load printers = no
   log file = /usr/local/samba/var/log.%m
   max log size = 50
   password server = pdc
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind use default domain = yes
   winbind enum users = yes
   winbind enum groups = yes
   encrypt passwords = yes
   wins server = 10.0.0.1
   dns proxy = no
##
permitions:
drwxr-s--- 2 root squid 4096 Jan 31 15:26 winbindd_privileged

srwxrwxrwx 1 root squid 0 Jan 31 15:26 pipe

proxy squid (squid-2.5.STABLE5-icap-6-pre3)compiled and configuration:
./configure --enable-auth="ntlm,basic" --enable-external-acl-helpers="wbinfo_group"

squid.conf:

auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl Auth proxy_auth REQUIRED

http_access allow all Auth

error:
after starting:
./squid -N -d1
 and IE 6 sp2
it crashes:
FATAL: authenticateNTLMHandleReply: called with no result string

in the access.log:

1107254685.852 3 10.3.67.89 TCP_DENIED/407 1698 GET http://web/ - NONE/- text/html
1107254695.134 1 10.3.67.89 TCP_DENIED/407 1698 GET http://web/ - NONE/- text/html
in the cache.log:
2005/02/01 15:31:44| helperStatefulOpenServers: Starting 30 'ntlm_auth' processes
ntlm_auth: error opening config file /usr/local/samba/lib/smb.conf. Error was Invalid or incomplete multibyte or wide character
......

2005/02/01 15:31:48| helperOpenServers: Starting 5 'ntlm_auth' processes
ntlm_auth: error opening config file /usr/local/samba/lib/smb.conf. Error was Invalid or incomplete multibyte or wide character
###
squid is ruuning as squid user, squid group

./wbinfo -t, -u, -g , -a user%password is ok and successfull
/usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
        mylan\myuser mypasswd
        OK
so can you tell me where is my problem?
i need nt domain authentication, squid/samba server is a member server.
also i don't have wb_group for group authentication, but i'll fix it this after solving main issue.
Thanks,
Nikolay

-----------------------------------------------------------------
http://gbg.bg/search - Изпробвайте още сега най-добрата българска търсачка!
Received on Tue Feb 01 2005 - 09:14:54 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:01 MST