RE: [squid-users] Error returned 'BH NT_STATUS_ACCESS_DENIED'

From: Elsen Marc <elsen@dont-contact.us>
Date: Thu, 7 Apr 2005 14:10:38 +0200

 
>
> Hi everybody,
>
> I setup squid-2.5.STABLE9 with samba-3.0.13 to use
> winbind authentication over a Windows 2003 Active
> Directory.
> Web users' authentication from my proxy server box
> succeeds.
> But when a remote user tries to authenticate himself,
> authentication fails and Squid returns the following:
> authenticateNTLMHandleReply: Error validating user
> via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
>
> I configured samba with (--with-ads --with-ldap
> --with-winbind --with-winbind-auth-challenge).
>
> And I configured squid with (--enable-auth="ntlm,basic"
> --enable-basic-auth-helpers="winbind"
> --enable-ntlm-auth-helpers="winbind").
>
> My squid.conf file contains the following:
> auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
>
>
> auth_param basic program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
>
>
> acl authUsers proxy_auth REQUIRED
> http_access allow authUsers
> http_access deny all
>
> Does anyone have an idea?
> Thanks in advance.
>
 
BTW, there seems to be a recently discovered issue with this
SAMBA release and Windows 2003 SP1
being used as an AD (and/or domain controller)
(>Windows 2003 SP1< recently made available by MS$):

   Check out this thread:

         http://lists.samba.org/archive/samba-technical/2005-April/040187.html

   You apparently may need this samba patch:

         http://samba.org/~jerry/patches/post-3.0.13/winbindd_2k3sp1.patch

  M.
Received on Thu Apr 07 2005 - 06:12:08 MDT
