Greetings: I am in the process of setting up ntlm-based user authentication with Squid. Following the various instructions available in the FAQ and on the mailing list, I have what appears to be a functioning setup: I can use `wbinfo' to authenticate successfully, and Squid works as configured, logging my authenticated username into the logs. However, after what appears to be a random amount of time into a browsing session, I begin to get authentication failures that cause a "Login" window to pop up. Restarting winbindd with debugging turned on shows a string of successful credential checks, followed by failures:
[2003/06/04 10:14:29, 5] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(213) NTLM CRAP authentication for user [MYGROUP]\[STEVE] returned NT_STATUS_OK (PAM: 0) ... a bunch of these, followed by a string of: [2003/06/04 10:16:41, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(213) NTLM CRAP authentication for user [MYGROUP]\[STEVE] returned NT_STATUS_WRONG_PASSWORD (PAM: 4) What's strange is that a page will almost load up to completion, but then things will grind to a halt with a password prompt when trying to load up a random image on the page. I am running 2.5S3 and Samba 2.2.8a on a Solaris 8/SPARC machine. The PDC is running Windows 2000+SP3. I have witnessed this behaviour occuring with IE 5.5 & 6 running on Win98, 2000 and XP. Relevant parts of the configuration files: == squid.conf == auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes == smb.conf == workgroup = MYGROUP password server = MYPDC security = domain winbind uid = 10000-20000 winbind gid = 10000-20000 winbind use default domain = yes $ ./wbinfo -a MYGROUP\\steve%password plaintext password authentication succeeded challenge/response password authentication succeeded Any help would be greatly appreciated. I can easily turn up the debug level on winbindd to capture more detail if it'll help. Thank you, Steve -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
