On Thu, 2003-10-30 at 05:53, rruegner wrote: > Hi, > i tried this too with samba 3 and squid 2.5STABLE4 and i cant get it to > work too.
> > > > I'm having a problem getting NTLM authentication working between Squid > > 2.5STABLE4 and Samba 3.0.0 running on Slackware Linux 2.4.18. I've read > the > > archives, faq, how-to, walk-thru, etc, and believe I have everthing > > correctly configured. I'm using the helper that is part of Samba 3.0, > > not the Squid helper. Basic authentication works fine with the helper, > > but I cannot get ntlmssp working. > > > > I can also authenticate successfully with the helper from the command > line: > > #ntlm_auth --username testuser --password testpass > > NT_STATUS_OK: Success (0x0) > > > > However, when I try to use ntlm authentication from a browser I get this > > in cache.log: > > [2003/10/28 10:43:41, 10] utils/ntlm_auth.c:manage_squid_request(1061) > > Got 'YR' from squid (length: 2). > > [2003/10/28 10:43:41, 10] > > utils/ntlm_auth.c:manage_squid_ntlmssp_request(312) > > got NTLMSSP packet: > > [2003/10/28 10:43:41, 10] > > utils/ntlm_auth.c:manage_squid_ntlmssp_request(322) > > NTLMSSP challenge > > > > IE 6.0 SP1 get's a The page Cannot be displayed error. Mozilla 1.5 gives > the login popup, > > but after entering user id and password returns the Cache Access Denied > page. What are the clients in these cases? (Win9X is known to have problem) Can you try Squid 3.0, applying this patch (not my patch, thank kinkie from the squid team for it), and set ntlmv2 on in your squid.conf? I think the problem might be that the client is setting something 'interesting' in their NTLMSSP negotiate packet, but that without this patch, we are prevented from seeing it. (The patch might apply the squid 2.5, if you rename the .cc to .c). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
