Re: [squid-users] NTLM Auth problem

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 24 Feb 2011 14:08:14 +1300

 On Thu, 24 Feb 2011 00:59:58 +0000, Julian Pilfold-Bagwell wrote:
> Hi All,
>
> I have a problem with NTLM authentication on squid-2.6.STABLE21-6.el5
> on CentOS 5.5.
>
> If I run /usr/bin/ntlm_auth --username=jpb --domain=BGS, it returns
> success. Samba (v3.5.6) file sharing works as does winbind's wbinfo
> -, wbinfo -g, wbinfo -t so I'm fairly sure that both Samba and
> winbind are functioning OK.
>
> If I go to a client and try to visit a website, I get the pop up
> credentials box but entering the same credentials as on the ntlm_auth
> line above generates the following with the virtual XP being a VM and
> the jpb-workstation being a Linux box:
>
> [2011/02/23 22:49:05.671790, 3]
> libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
> Got NTLMSSP neg_flags=0xa2088207
> [2011/02/23 22:49:05.674159, 3]
> libsmb/ntlmssp.c:747(ntlmssp_server_auth)
> Got user=[bgs0001] domain=[BGS] workstation=[VIRTUAL-XP] len1=24
> len2=24
> [2011/02/23 22:49:05.675008, 3]
> utils/ntlm_auth.c:598(winbind_pw_check)
> Login for user [BGS]\[bgs0001]@[VIRTUAL-XP] failed due to [Invalid
> handle]
>
>
> [2011/02/23 23:03:24.838232, 3]
> libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
> Got NTLMSSP neg_flags=0x00088207
> [2011/02/23 23:03:24.845152, 3]
> libsmb/ntlmssp.c:747(ntlmssp_server_auth)
> Got user=[jpb] domain=[] workstation=[jpb-desktop] len1=24 len2=24
> [2011/02/23 23:03:24.845972, 3]
> utils/ntlm_auth.c:598(winbind_pw_check)
> Login for user []\[jpb]@[jpb-desktop] failed due to [Invalid
> handle]
> [2011/02/23 23:03:40.780692, 3]
> libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
> Got NTLMSSP neg_flags=0x00088207
> [2011/02/23 23:03:40.782125, 3]
> libsmb/ntlmssp.c:747(ntlmssp_server_auth)
> Got user=[jpb] domain=[bgs] workstation=[jpb-desktop] len1=24
> len2=24
> [2011/02/23 23:03:40.782938, 3]
> utils/ntlm_auth.c:598(winbind_pw_check)
> Login for user [bgs]\[jpb]@[jpb-desktop] failed due to [Invalid
> handle]
> [2011/02/23 23:05:13.260874, 3]
> libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
> Got NTLMSSP neg_flags=0x00088207
> [2011/02/23 23:05:13.262425, 3]
> libsmb/ntlmssp.c:747(ntlmssp_server_auth)
> Got user=[jpb] domain=[] workstation=[jpb-desktop] len1=24 len2=24
> [2011/02/23 23:05:13.263254, 3]
> utils/ntlm_auth.c:598(winbind_pw_check)
> Login for user []\[jpb]@[jpb-desktop] failed due to [Invalid
> handle]
>
>
> Given that using the ntlm_auth command directly succeeds, I'm unsure
> as to whether this is a problem with Samba, Squid or the interaction
> between the two. I've set the permissions on the winbind privileged
> pipe to 750, created a group called winbindd_priv and added the squid
> user to that group. There are no messages relating to being unable to
> read from the pipe.
>
> There are other people that have had the same problem but nothing
> I've looked at has solved it yet. Has anyone else been here?

 Ensure that you are using the helper provided by Samba. The one with
 the same name provided by Squid is rather broken in modern networks.

 If the problem persists, it is likely between the client and Samba.
 Though Squid can still affect this if connection persistence is failing;
 the message then would be about expected token types.

 Amos
Received on Thu Feb 24 2011 - 01:08:17 MST
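
One way to check the point in the reply above (which ntlm_auth helper Squid actually starts), as an added example that is not part of the original thread. It assumes Samba's helper is recognisable by its `--helper-protocol=squid-2.5-ntlmssp` option; the function names and the sample squid.conf lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which NTLM helper(s) a squid.conf starts.
# Assumption: Samba's ntlm_auth is invoked with
# --helper-protocol=squid-2.5-ntlmssp; any "auth_param ntlm program"
# line without that option is reported as some other helper.

# ntlm_helper_lines FILE
# Print the active (uncommented) "auth_param ntlm program" directives.
ntlm_helper_lines() {
    grep -E '^[[:space:]]*auth_param[[:space:]]+ntlm[[:space:]]+program[[:space:]]' "$1"
}

# classify_ntlm_helpers FILE
# For each active directive print "samba <path>" or "other <path>".
# Prints nothing when no NTLM helper is configured.
classify_ntlm_helpers() {
    ntlm_helper_lines "$1" | while read -r kw scheme opt path args; do
        case " $args " in
            *" --helper-protocol=squid-2.5-ntlmssp "*) echo "samba $path" ;;
            *) echo "other $path" ;;
        esac
    done
}

# Constructed sample configuration (not taken from the thread): one
# commented-out helper line, one active Samba helper line, and an
# unrelated auth_param line that must be ignored.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# auth_param ntlm program /usr/lib/squid/ntlm_auth EXAMPLE/dc1
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
EOF

classify_ntlm_helpers "$sample_conf"
rm -f "$sample_conf"
```

On a live system, point `classify_ntlm_helpers` at the real squid.conf; an `other` result means Squid is starting a helper without the Samba protocol option.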
