[squid-users] Occasional ntlm auth problems

From: Robert Vaughan <rvaughan3_at_csc.com>
Date: Wed, 7 Dec 2011 09:30:31 -0500


We're using Squid-2.5.STABLE14 and occasionally when we rotate logs
(nightly event) something breaks in the squid->ntlm_auth->winbind chain
such that users get prompted in their browsers to authenticate.

In the cache log we see this error for each user:

Login for user [domain]\[user]@[machine] failed due to [winbind client not
authorized to use winbindd_pam_auth_crap. Ensure permissions on
/appl/samba-3.2.10/var/locks/winbindd_privileged are set correctly.]

The permissions are of course correct on the winbindd_privileged folder
and the pipe (this works most of the time)

drwxr-x--- 2 root squid 3 Dec 3 22:29

srwxrwxrwx 1 root root 0 Dec 3 22:29 pipe

Squid runs as effective user 'operator' which is in the 'squid' group.

When the problem happens I shutdown Squid and restart it and everything
works once again.

Thanks for looking.

Received on Wed Dec 07 2011 - 14:30:42 MST

This archive was generated by hypermail 2.2.0 : Thu Dec 08 2011 - 12:00:02 MST