On 20 Nov 2003, Dave Augustus wrote: > On the browser side, I got prompted for the username/password/domain but > always got denied after 3 times. Winbind log said: > > [2003/11/20 16:46:27, 2] > nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(222) > winbindd_pam_auth_crap: non-privileged access denied!
I think this means you have not given Squid permission to use the privileged winbind pipe. This privileged pipe is only needed for NTLM authentication. The best way to set up such permissions is to create a UNIX group for the purpose, and assign the system users who should be allowed to talk directly to the privileged parts of winbind to this group. The Samba people thinks the low-level communication method used for NTLM authentication is too sensitive for the domain to allow any local application access to the function. Regards Henrik
