[squid-users] RE: Urgent Samba / Squid NTLM Auth Problems

From: Adam Aube <aaube01@dont-contact.us>
Date: Wed, 09 Nov 2005 14:11:43 -0500

Dave Raven wrote:

> Okay I have an update with more progress - it seems the problem is only to
> do with ntlmssp. If I only have a basic authenticator - which looks like
> the following, it works perfectly:

> However, when I use ntlmssp in the squid config, shown below, it does not
> work:
>
> auth_param ntlm program /usr/optec/ntlm_auth.sh ntlmssp
> auth_param ntlm children 10
> auth_param ntlm use_ntlm_negotiate yes
>
> I see the following debug messages:
> [2005/11/09 13:22:37, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
> Got user=[ianb] domain=[MASTERMIND] workstation=[LUCY] len1=24 len2=24
> [2005/11/09 13:22:37, 3] utils/ntlm_auth.c:winbind_pw_check(427)
> Login for user [MASTERMIND]\[ianb]@[LUCY] failed due to [Wrong Password]
>
> If I type ian instead of ianb, I see an error saying the user does not
> exist. This must mean that somehow the wrong password is being passed in
> the wrong way - even though it is typed right.
>
> For anyone who hasn't read the rest of this thread please note: this only
> happens with the security option on the AD server set to ONLY allow
> NTLMv2/LMv2 and not anything else. If we turn that off it works
> perfectly...

It looks like this might be a Samba issue - Ian had stated that if only
NTLMv2 is allowed, then Samba can't even join the domain. I would suggest
taking this to the Samba list.

Adam
Received on Wed Nov 09 2005 - 12:15:12 MST
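
A triage helper for debug output like the lines quoted above, as an added example that is not from the thread or from Samba. It assumes len1 and len2 are the LM and NT response lengths, and relies on an NTLMv1 NT response being exactly 24 bytes while an NTLMv2 one is longer (16-byte HMAC plus a variable-length blob); the function names are hypothetical.

```python
import re

# "Got user=..." line written at debug level 3; len1/len2 assumed to be LM/NT response lengths.
GOT_USER = re.compile(
    r"Got user=\[(?P<user>[^\]]*)\] domain=\[(?P<domain>[^\]]*)\] "
    r"workstation=\[(?P<workstation>[^\]]*)\] len1=(?P<lm>\d+) len2=(?P<nt>\d+)"
)
FAILED = re.compile(r"Login for user \S+ failed due to \[(?P<reason>[^\]]*)\]")

# First four lines are the log quoted in the thread; the last two are constructed.
SAMPLE = r"""[2005/11/09 13:22:37, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
  Got user=[ianb] domain=[MASTERMIND] workstation=[LUCY] len1=24 len2=24
[2005/11/09 13:22:37, 3] utils/ntlm_auth.c:winbind_pw_check(427)
  Login for user [MASTERMIND]\[ianb]@[LUCY] failed due to [Wrong Password]
[2005/11/09 13:25:02, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
  Got user=[example] domain=[EXAMPLE] workstation=[HOST1] len1=24 len2=134
"""


def classify(lm_len, nt_len):
    """Guess the response family from the two field lengths alone."""
    if nt_len > 24:
        return "NTLMv2"
    if nt_len == 24:
        # NTLMv1 and NTLM2 session responses are both 24 bytes; length cannot separate them.
        return "NTLMv1-family"
    if nt_len == 0 and lm_len == 24:
        return "LM-only"
    return "unknown"


def triage(log_text):
    """Pair each 'Got user' line with the failure reason logged after it, if any."""
    results, current = [], None
    for line in log_text.splitlines():
        m = GOT_USER.search(line)
        if m:
            current = {"user": m["user"], "domain": m["domain"], "failure": None,
                       "family": classify(int(m["lm"]), int(m["nt"]))}
            results.append(current)
            continue
        f = FAILED.search(line)
        if f and current is not None:
            current["failure"] = f["reason"]
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f'{r["domain"]}\\{r["user"]}: {r["family"]}, failure={r["failure"]}')
```

A 24-byte NT response sent to a domain controller that accepts only NTLMv2 is consistent with the rejection reported in the thread.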
