I see the following messages in the logs when trying to connect from a
Windows 98 workstation:
/var/log/samba/log.wb-MYDOMAIN
[2009/02/11 23:29:35,  2] 
winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(1990)
  NTLM CRAP authentication for user [MYDOMA]\[ALEKSE] returned 
NT_STATUS_NO_SUCH_USER (PAM: 10)
/var/log/squid/cache.log
2009/02/11 23:38:42.009| The request GET http://www.example.com is 
DENIED, because it matched 'Authorized_Users'
2009/02/11 23:38:42.010| The reply for GET http://www.example.com is 
ALLOWED, because it matched 'Authorized_Users'
2009/02/11 23:38:42.041| AuthNTLMUserRequest::authenticate: need to 
challenge client' 
TlRMTVNTUAACAAAACAAIADAAAAAGgomAn/5kwXldXi4AAAAAAAAAAHIAcgA4AAAAQkJBTFRJSkECABAAQgBCAEEATABUAEkASgBBAAEACgBQAFIATwBYAFkABAAcAGIAYgBhAGwAdABpAGoAYQAuAGIAYgAuAGwAdgADACgAcAByAG8AeAB5AC4AYgBiAGEAbAB0AGkAagBhAC4AYgBiAC4AbAB2AAAAAAA='!
2009/02/11 23:38:42.041| The request GET http://www.example.com is 
DENIED, because it matched 'Authorized_Users'
2009/02/11 23:38:42.041| The reply for GET http://www.example.com is 
ALLOWED, because it matched 'Authorized_Users'
2009/02/11 23:38:42.059| The request GET http://www.example.com is 
DENIED, because it matched 'Authorized_Users'
2009/02/11 23:38:42.059| The reply for GET http://www.example.com is 
ALLOWED, because it matched 'Authorized_Users'
Regards, Aleksey
Aleksey Chudov wrote:
> Hello,
>
> I successfully configured Squid with ntlm2 authentication. Tested with 
> Windows XP workstations.
> But I still have some Windows 98 machines in my network which are 
> configured to use ntlm2 authentication as described in the article 
> http://support.microsoft.com/kb/239869.
> I can access the Samba share on my proxy server, but I can't access 
> the internet: every time, I get an authentication request from the browser.
> I enter the correct user name, password and domain, but without success.
>
> Could you help me please?
>
>
> My squid.conf:
>
> auth_param ntlm program /usr/bin/ntlm_auth 
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 10
> auth_param ntlm keep_alive on
> auth_param basic program /usr/bin/ntlm_auth 
> --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Domain Proxy Server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
> acl Authorized_Users proxy_auth REQUIRED
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny to_localhost
> http_access allow Authorized_Users
> http_access deny all
> icp_access deny all
> htcp_access deny all
> http_port 3128
> hierarchy_stoplist cgi-bin ?
> cache_mem 2048 MB
> maximum_object_size_in_memory 4096 KB
> cache_dir null /var/spool/squid3
> access_log /var/log/squid3/access.log squid
> refresh_pattern ^ftp:             1440   20%    10080
> refresh_pattern ^gopher:          1440    0%     1440
> refresh_pattern -i (/cgi-bin/|\?)    0    0%        0
> refresh_pattern .                    0   20%     4320
> negative_ttl 0 seconds
> request_header_max_size 64 KB
> reply_header_max_size 64 KB
> shutdown_lifetime 5 seconds
> httpd_suppress_version_string on
> coredump_dir /var/spool/squid3
>
> My smb.conf:
>
> [global]
>       workgroup = DOMAIN
>       realm = DOMAIN.LOCAL
>       server string =
>       security = ADS
>       restrict anonymous = 2
>       client lanman auth = No
>       client ntlmv2 auth = Yes
>       client plaintext auth = No
>       ldap ssl = On
>       log level = 0
>       syslog = 0
>       log file = /var/log/samba/log.%m
>       max log size = 1024
>       name resolve order = hosts wins bcast
>       socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
>       load printers = No
>       show add printer wizard = No
>       lm announce = No
>       preferred master = No
>       local master = No
>       domain master = No
>       dns proxy = No
>       wins server = 192.168.0.2
>       idmap uid = 10000-20000
>       idmap gid = 10000-20000
>       winbind use default domain = Yes
>       invalid users = root
>       create mask = 0600
>       directory mask = 0700
>       hosts allow = 127., 192.168.0.0/24
>       hosts deny = ALL
>       template shell = /bin/bash
>       template homedir = /home/%U
>       case sensitive = No
>
Received on Wed Feb 11 2009 - 21:42:28 MST