Re: [squid-users] NTLM with Windows 98

From: Aleksey Chudov <aleksey_at_bb.lv>
Date: Tue, 17 Feb 2009 11:13:22 +0200

The problem was solved by installing the latest stable version of Samba
3.3.0.

Regards, Aleksey

Aleksey Chudov wrote:
> I have the following messages in the logs while trying to connect from
> a Windows 98 workstation:
>
> /var/log/samba/log.wb-MYDOMAIN
>
> [2009/02/11 23:29:35, 2]
> winbindd/winbindd_pam.c:winbindd_dual_pam_auth_crap(1990)
> NTLM CRAP authentication for user [MYDOMA]\[ALEKSE] returned
> NT_STATUS_NO_SUCH_USER (PAM: 10)
>
> /var/log/squid/cache.log
>
> 2009/02/11 23:38:42.009| The request GET http://www.example.com is
> DENIED, because it matched 'Authorized_Users'
> 2009/02/11 23:38:42.010| The reply for GET http://www.example.com is
> ALLOWED, because it matched 'Authorized_Users'
> 2009/02/11 23:38:42.041| AuthNTLMUserRequest::authenticate: need to
> challenge client'
> TlRMTVNTUAACAAAACAAIADAAAAAGgomAn/5kwXldXi4AAAAAAAAAAHIAcgA4AAAAQkJBTFRJSkECABAAQgBCAEEATABUAEkASgBBAAEACgBQAFIATwBYAFkABAAcAGIAYgBhAGwAdABpAGoAYQAuAGIAYgAuAGwAdgADACgAcAByAG8AeAB5AC4AYgBiAGEAbAB0AGkAagBhAC4AYgBiAC4AbAB2AAAAAAA='!
>
> 2009/02/11 23:38:42.041| The request GET http://www.example.com is
> DENIED, because it matched 'Authorized_Users'
> 2009/02/11 23:38:42.041| The reply for GET http://www.example.com is
> ALLOWED, because it matched 'Authorized_Users'
> 2009/02/11 23:38:42.059| The request GET http://www.example.com is
> DENIED, because it matched 'Authorized_Users'
> 2009/02/11 23:38:42.059| The reply for GET http://www.example.com is
> ALLOWED, because it matched 'Authorized_Users'
>
>
> Regards, Aleksey
>
>
>
>
> Aleksey Chudov wrote:
>> Hello,
>>
>> I successfully configured Squid with ntlm2 authentication. Tested
>> with Windows XP workstations.
>> But I still have some Windows 98 machines in my network which are
>> configured to use ntlm2 authentication like in article
>> http://support.microsoft.com/kb/239869.
>> I can access Samba share on my proxy server but I can't access
>> internet, every time I get authentication request from browser.
>> I try to enter the correct user name, password and domain, but unsuccessfully.
>>
>> Could you help me please?
>>
>>
>> My squid.conf:
>>
>> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
>> auth_param ntlm children 10
>> auth_param ntlm keep_alive on
>> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
>> auth_param basic children 5
>> auth_param basic realm Domain Proxy Server
>> auth_param basic credentialsttl 2 hours
>> auth_param basic casesensitive off
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/32
>> acl to_localhost dst 127.0.0.0/8
>> acl SSL_ports port 443
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl CONNECT method CONNECT
>> acl Authorized_Users proxy_auth REQUIRED
>> http_access allow manager localhost
>> http_access deny manager
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> http_access deny to_localhost
>> http_access allow Authorized_Users
>> http_access deny all
>> icp_access deny all
>> htcp_access deny all
>> http_port 3128
>> hierarchy_stoplist cgi-bin ?
>> cache_mem 2048 MB
>> maximum_object_size_in_memory 4096 KB
>> cache_dir null /var/spool/squid3
>> access_log /var/log/squid3/access.log squid
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>> refresh_pattern . 0 20% 4320
>> negative_ttl 0 seconds
>> request_header_max_size 64 KB
>> reply_header_max_size 64 KB
>> shutdown_lifetime 5 seconds
>> httpd_suppress_version_string on
>> coredump_dir /var/spool/squid3
>>
>> My smb.conf:
>>
>> [global]
>> workgroup = DOMAIN
>> realm = DOMAIN.LOCAL
>> server string =
>> security = ADS
>> restrict anonymous = 2
>> client lanman auth = No
>> client ntlmv2 auth = Yes
>> client plaintext auth = No
>> ldap ssl = On
>> log level = 0
>> syslog = 0
>> log file = /var/log/samba/log.%m
>> max log size = 1024
>> name resolve order = hosts wins bcast
>> socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
>> load printers = No
>> show add printer wizard = No
>> lm announce = No
>> preferred master = No
>> local master = No
>> domain master = No
>> dns proxy = No
>> wins server = 192.168.0.2
>> idmap uid = 10000-20000
>> idmap gid = 10000-20000
>> winbind use default domain = Yes
>> invalid users = root
>> create mask = 0600
>> directory mask = 0700
>> hosts allow = 127., 192.168.0.0/24
>> hosts deny = ALL
>> template shell = /bin/bash
>> template homedir = /home/%U
>> case sensitive = No
>>
Received on Tue Feb 17 2009 - 09:13:58 MST
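
For reading the "need to challenge client" line that cache.log records in the thread above: an added example, not part of the original messages and not Squid or Samba code, that extracts the base64 token from such a line and decodes the NTLMSSP Type 2 header, showing whether the server negotiated Unicode or OEM strings and extended session security. The log line and the message in it are constructed, and the flag names are abbreviated.

```python
import base64
import re
import struct

# NTLMSSP negotiate flags (subset useful for client-compatibility debugging).
FLAGS = {0x1: "UNICODE", 0x2: "OEM", 0x200: "NTLM",
         0x80000: "EXTENDED_SESSIONSECURITY", 0x800000: "TARGET_INFO"}
# Base64 token quoted in Squid's "need to challenge client" debug line.
CHALLENGE_RE = re.compile(r"need to\s+challenge client\s*'([A-Za-z0-9+/=]+)'")

def parse_type2(blob_b64):
    """Decode the header fields of an NTLMSSP Type 2 (challenge) message."""
    raw = base64.b64decode(blob_b64, validate=True)
    if len(raw) < 32 or raw[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    msg_type, name_len, _max, name_off, flags = struct.unpack_from("<IHHII", raw, 8)
    if msg_type != 2:
        raise ValueError("expected Type 2, got %d" % msg_type)
    if name_off + name_len > len(raw):
        raise ValueError("target name runs past end of message")
    # Target name is UTF-16LE if Unicode was negotiated, otherwise OEM bytes.
    encoding = "utf-16-le" if flags & 0x1 else "cp437"
    return {
        "target": raw[name_off:name_off + name_len].decode(encoding, "replace"),
        "flags": sorted(n for bit, n in FLAGS.items() if flags & bit),
        "server_challenge": raw[24:32].hex(),
    }

def challenges_in_log(text):
    """Parse every Type 2 message quoted in cache.log text."""
    return [parse_type2(m.group(1)) for m in CHALLENGE_RE.finditer(text)]

def build_sample():
    """Constructed Type 2 message with OEM target 'EXAMPLE' (not real traffic)."""
    target = b"EXAMPLE"
    flags = 0x2 | 0x200 | 0x80000  # OEM, NTLM, extended session security
    hdr = b"NTLMSSP\x00" + struct.pack("<IHHII", 2, len(target), len(target), 48, flags)
    # 8-byte challenge, 8 reserved bytes, empty target-info buffer, then payload.
    return base64.b64encode(hdr + bytes(range(1, 9)) + bytes(16) + target).decode()

# Constructed log line in the shape of the cache.log entry quoted in the thread.
SAMPLE_LOG = ("2009/01/01 00:00:00.000| AuthNTLMUserRequest::authenticate: "
              "need to challenge client '%s'!\n" % build_sample())

if __name__ == "__main__":
    for challenge in challenges_in_log(SAMPLE_LOG):
        print(challenge)
```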
