[squid-users] SQUID + NTLM + SAMBA Domain auth broken after net rpc changetrustpw

From: klxout <klxout_at_gmail.com>
Date: Mon, 17 Sep 2012 21:24:17 +0200

Hello,

I have a Debian 6 (Squeeze) with Squid 3.1.6 configured with NTLM auth
(http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm) and all
is working correctly, but we have only one problem.
It seems that every 7 days NTLM auth is broken and I think that the
problem is with the machine trusted password, which must be changed
every day as is described in
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm with net
rpc changetrustpw, but I have tried this and it doesn't work.
The Samba Domain is on Debian (5) Lenny with Samba 3.2.5 and LDAP 2.4.

As a workaround, I have to rejoin the domain.

Example:

root@server:~# wbinfo -t
checking the trust secret for domain DOMAIN via RPC calls succeeded
root@server:~# net rpc changetrustpw
root@server:~# wbinfo -t
checking the trust secret for domain DOMAIN via RPC calls failed
Could not check secret
root@server:~# net rpc join -U administrator
Enter administrador's password:
Joined domain DOMAIN.
root@server:~# wbinfo -t
checking the trust secret for domain DOMAIN via RPC calls succeeded

cache.log of Squid 3.1.6
2012/09/17 16:55:37| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
[2012/09/17 16:55:38.861018, 0] utils/ntlm_auth.c:598(winbind_pw_check)
  Login for user [DOMAIN]\[user1]@[HOST1] failed due to [Access denied]
[2012/09/17 16:55:38.861126, 0] utils/ntlm_auth.c:888(manage_squid_ntlmssp_request)
  NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2012/09/17 16:55:38| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
[2012/09/17 16:55:38.993200, 0] utils/ntlm_auth.c:598(winbind_pw_check)
  Login for user [DOMAIN]\[user2]@[HOST2] failed due to [Access denied]
[2012/09/17 16:55:38.993300, 0] utils/ntlm_auth.c:888(manage_squid_ntlmssp_request)
  NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2012/09/17 16:55:38| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'

What can I do to solve this problem?

Thanks
Received on Mon Sep 17 2012 - 19:24:23 MDT
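
An added example, not part of the original message or of Squid or Samba: a Python sketch that reads cache.log lines in the format quoted above (unwrapped, as they appear in the file rather than as wrapped by mail) and flags when several distinct accounts are refused within a short window, which is the pattern seen here while `wbinfo -t` fails. The function names, the 60-second window and the two-account threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the quoted cache.log excerpt with mail line-wrapping undone.
SAMPLE_LOG = r"""
2012/09/17 16:55:37| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
[2012/09/17 16:55:38.861018, 0] utils/ntlm_auth.c:598(winbind_pw_check)
  Login for user [DOMAIN]\[user1]@[HOST1] failed due to [Access denied]
[2012/09/17 16:55:38.861126, 0] utils/ntlm_auth.c:888(manage_squid_ntlmssp_request)
  NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2012/09/17 16:55:38| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
[2012/09/17 16:55:38.993200, 0] utils/ntlm_auth.c:598(winbind_pw_check)
  Login for user [DOMAIN]\[user2]@[HOST2] failed due to [Access denied]
[2012/09/17 16:55:38.993300, 0] utils/ntlm_auth.c:888(manage_squid_ntlmssp_request)
  NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2012/09/17 16:55:38| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
"""

# Samba debug entries span two lines: a "[timestamp, level] file:line(func)" header, then an indented message.
SAMBA_HDR = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\.\d+,\s*\d+\] \S+\(winbind_pw_check\)$")
LOGIN_FAIL = re.compile(r"^\s+Login for user \[(.*?)\]\\\[(.*?)\]@\[(.*?)\] failed due to \[(.*?)\]$")
SQUID_BH = re.compile(r"^[\d/]+ [\d:]+\| authenticateNTLMHandleReply: .*'BH (NT_STATUS_\w+)'")

def parse_failures(text):
    """Return (logins, bh): logins is a list of (time, domain, user, host, reason)
    refused by ntlm_auth; bh counts Squid's 'BH' error lines."""
    logins, bh, stamp = [], 0, None
    for line in text.splitlines():
        hdr = SAMBA_HDR.match(line)
        if hdr:  # remember the timestamp for the message line that follows
            stamp = datetime.strptime(hdr.group(1), "%Y/%m/%d %H:%M:%S")
            continue
        fail = LOGIN_FAIL.match(line)
        if fail and stamp:
            logins.append((stamp, *fail.groups()))
        elif SQUID_BH.match(line):
            bh += 1
        stamp = None  # a header only applies to the very next line
    return logins, bh

def looks_domain_wide(logins, window=timedelta(seconds=60), min_users=2):
    """Heuristic (assumption): several distinct accounts refused inside one window
    points at the proxy's own trust account, not at one user's credentials."""
    logins = sorted(logins)
    for i, first in enumerate(logins):
        users = {(d, u) for t, d, u, _h, _r in logins[i:] if t - first[0] <= window}
        if len(users) >= min_users:
            return True
    return False
```

When `looks_domain_wide` returns true, running `wbinfo -t` on the proxy, as in the session above, confirms whether the trust secret is the cause.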
