[squid-users] Wrong domain in some NTLM authentication requests

From: Diego Lima <lists_at_diegolima.org>
Date: Tue, 30 Mar 2010 14:16:54 -0300

Hi All,

I'm currently running some squid proxies that serve a lot (3k+) of
users. Until recently they were using the NTLM authenticator that is
shipped with squid (/usr/lib64/squid/ntlm_auth), but due to countless
problems recently I've finally set them to use the helper provided by
Samba (Version 3.0.28-0.el5.8). It seems to work fine under most
circumstances but about 10 users cannot authenticate as their
computers seem not to be sending the correct domain to the proxy. The
log goes like this:

  Got user=[USERNAME] domain=[PROXY1] workstation=[WRKSTATION] len1=24 len2=24
  Login for user [PROXY1]\[USERNAME]@[WRKSTATION] failed due to [No such user]

This happens when we set their proxy address to proxy1.ourdomain.com.
If we manually set the proxy IP address on their proxy settings it
seems to authenticate just fine:

Got user=[USERNAME] domain=[INTRA] workstation=[WRKSTATION] len1=24 len2=24

Our domain name is INTRA. On the same machine I'm able to log in with
my domain user and use the proxy normally. We have tried re-creating
the user's profile to no avail.

The authentication settings are as follows:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 256
auth_param ntlm keep_alive on

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 64
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
auth_param basic realm "Access Control "

And our external acl is:

external_acl_type nt_group ttl=10 concurrency=5 children=20 %LOGIN /usr/lib64/squid/wbinfo_group.pl

Does anyone have any idea as to what could be going on, or where to
start looking for a fix?

Thank you!

--
Diego Lima
Received on Tue Mar 30 2010 - 17:16:59 MDT
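
Added example, not part of the original post: a small triage script that scans helper log text for the "Got user=..." lines quoted above and lists each user/workstation pair that presented a domain other than the expected one, noting whether the same pair was also seen with the correct domain. The sample log lines, user names and workstation names are constructed, and treating the domain as case-insensitive is an assumption.

```python
import re
from collections import defaultdict

EXPECTED_DOMAIN = "INTRA"  # the domain name given in the post

# Matches the "Got user=[..] domain=[..] workstation=[..]" format quoted in the post.
GOT_USER = re.compile(
    r"Got user=\[(?P<user>[^\]]*)\]\s+"
    r"domain=\[(?P<domain>[^\]]*)\]\s+"
    r"workstation=\[(?P<ws>[^\]]*)\]"
)

def find_domain_mismatches(log_text, expected=EXPECTED_DOMAIN):
    """Return one record per (user, workstation) that sent an unexpected domain."""
    seen = defaultdict(set)
    for m in GOT_USER.finditer(log_text):
        seen[(m["user"], m["ws"])].add(m["domain"])

    want = expected.upper()  # assumption: domain comparison is case-insensitive
    report = []
    for (user, ws), domains in sorted(seen.items()):
        unexpected = sorted(d for d in domains if d.upper() != want)
        if unexpected:
            report.append({
                "user": user,
                "workstation": ws,
                "unexpected": unexpected,
                # True when the same client also authenticated with the right
                # domain, as in the post (proxy hostname vs. proxy IP address).
                "also_seen_expected": any(d.upper() == want for d in domains),
            })
    return report

# Constructed sample input, including a line wrapped the way the post shows it.
SAMPLE_LOG = r"""
  Got user=[alice] domain=[PROXY1] workstation=[WS-014] len1=24
len2=24
  Login for user [PROXY1]\[alice]@[WS-014] failed due to [No such user]
  Got user=[alice] domain=[INTRA] workstation=[WS-014] len1=24 len2=24
  Got user=[bob] domain=[intra] workstation=[WS-022] len1=24 len2=24
  Got user=[carol] domain=[] workstation=[WS-031] len1=24 len2=24
"""

if __name__ == "__main__":
    for row in find_domain_mismatches(SAMPLE_LOG):
        print(row)
```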
