Re: [squid-users] Problems with NTLM

From: Harry Mills <harry_at_mad-cat.co.uk>
Date: Thu, 19 Apr 2012 18:16:57 +0100

On 19/04/2012 17:52, Wladner Klimach wrote:
> Look what I've got from cache.log from a Windows XP client :
>
> [2012/04/19 13:45:04, 0] utils/ntlm_auth.c:558(winbind_pw_check)
> Login for user [REDECAMARA]\[P_991064]@[CAINF-269652] failed due to
> [winbind client not authorized to use winbindd_pam_auth_crap. Ensure
> permissions on /var/lib/samba/winbindd_privileged are set correctly.]
> [2012/04/19 13:45:04, 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request)
> 2012/04/19 13:45:04.390| authenticateNTLMHandleReply: helper:
> '0x12212b08' sent us 'BH NT_STATUS_ACCESS_DENIED'
> NTLMSSP BH: NT_STATUS_ACCESS_DENIED
> 2012/04/19 13:45:04.390| ntlm/auth_ntlm.cc(504) releaseAuthServer:
> releasing NTLM auth server '0x12212b08'
> 2012/04/19 13:45:04.390| authenticateNTLMHandleReply: Error validating
> user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
>
> What user do I have to set permission to access winbindd_privileged??

On my Redhat setup I have the following perms:

drwxr-x--- 2 root wbpriv

I have put the squid user into the wbpriv group.

Regards

Harry

> regards,
>
> Wladner
>
> 2012/4/18 Simon Dwyer<mail_at_simmyd.net>:
>> HI Wladner,
>>
>> I get that second message when i forget to start the winbind service.
>>
>> on Centos : service start winbind
>>
>> Simon
>>
>> On Wed, 2012-04-18 at 16:05 -0300, Wladner Klimach wrote:
>>> Hi everyone,
>>>
>>> I'm trying to implement NTLM scheme in my squid box. I've already
>>> configured samba and winbind so that I can check with wbinfo and even
>>> run /usr/bin/ntlm_auth at the shell and it works. But for some hidden
>>> problem squid is not having the same result. Look what is poping up at
>>> the cache.log:
>>>
>>> 2012/04/18 15:59:58.404| authenticateNTLMHandleReply: helper:
>>> '0x1fe158b8' sent us 'NA NT_STATUS_UNSUCCESSFUL'
>>>
>>> [2012/04/18 16:00:01, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172)
>>> could not obtain winbind netbios name!
>>>
>>> I hope some nice soul can help me!
>>>
>>> regards,
>>>
>>> Wladner
>>
>>
Received on Thu Apr 19 2012 - 17:21:25 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 19 2012 - 12:00:03 MDT