Hi, what are the results of samba tools check : wbinfo -t wbinfo -a user%password
Also, check http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5 P-E -----Message d'origine----- De : news [mailto:[EMAIL PROTECTED] la part de Norman Zhang Envoy� : jeudi 10 juin 2004 19:19 � : [EMAIL PROTECTED] Objet : [squid-users] Re: Incompatibilities between Samba and Squid Hi, After making the changes I still cannot get through. /var/log/syslog shows the following, Jun 10 10:14:20 proxy (squid): authenticateNTLMHandleReply: called with no result string Jun 10 10:14:20 proxy squid[2229]: Squid Parent: child process 2273 exited due to signal 6 Jun 10 10:14:23 proxy squid[2229]: Squid Parent: child process 2288 started Jun 10 10:14:23 proxy winbindd[1354]: [2004/06/10 10:14:23, 0] nsswitch/winbindd.c:process_loop(726) Jun 10 10:14:23 proxy winbindd[1354]: process_loop: Invalid request size from pid 2295: 1304 bytes sent, should be 1568 Jun 10 10:14:23 proxy winbindd[1354]: This usually means that you are running old wbinfo, pam_winbind or libnss_winbind clients /var/log/squid/access.log displays. 1086887660.896 41 192.168.22.7 TCP_DENIED/407 1691 GET http://www.cbc.ca/ - NONE/- text/html May I ask is there other ways to solve this? Regards, Norman SXB6300 Mailing wrote: > You should use the ntlm helper shipped with samba. wb_ntlmauth are the old helpers > of squid 2.4x versions. For squid 2.5, it's highly recommended to use samba > helpers : replace wb_ntlmauth by ntlm_auth (usually in /usr/bin) in squid .conf > Regards, > > P-E > > -----Message d'origine----- > De : news [mailto:[EMAIL PROTECTED] la part de Norman Zhang > Envoy� : jeudi 10 juin 2004 02:21 > > I'm running Squid-2.5.STABLE4-1.100mdk with samba-server-3.0.2a-3mdk. > When I tried to go the internet, I see the following in > > /var/log/syslog > Jun 9 17:06:07 proxy (squid): authenticateNTLMHandleReply: called with > no result string > Jun 9 17:06:07 proxy squid[1571]: Squid Parent: child process 2617 > exited due to signal 6 > > /var/log/squid/access.log > 1086825967.398 31 192.168.22.7 TCP_DENIED/407 1706 GET > http://www.mozilla.org/ - NONE/- text/html > > Searching through the archives seems to indicate a bug with Samba's NTLM > helper? May I ask is there a fix for this? > > cache_mgr [EMAIL PROTECTED] > hierarchy_stoplist cgi-bin ? > acl QUERY urlpath_regex cgi-bin \? > no_cache deny QUERY > cache_mem 16 MB > cache_dir ufs /var/spool/squid 200 16 256 > cache_peer 127.0.0.1 parent 80 7 default no-query > acl binaries urlpath_regex -i \.exe$ \.zip$ \.vbs$ \.gz$ > cache_peer_access 127.0.0.1 allow binaries > never_direct allow binaries > > ftp_user [EMAIL PROTECTED] > auth_param ntlm program /usr/lib/squid/wb_ntlmauth > auth_param ntlm children 5 > auth_param ntlm max_challenge_reuses 0 > auth_param ntlm max_challenge_lifetime 2 minutes > > external_acl_type NT_global_group %LOGIN /usr/lib/squid/wb_group > > acl ProxyUsers external NT_global_group ProxyUsers > acl authusrs proxy_auth REQUIRED > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl SSL_ports port 443 563 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 563 # https, snews > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl webmin port 10000 20000 # webmin, usermin > acl CONNECT method CONNECT > acl localnet dst 192.168.11.0/26 192.168.22.0/25 > acl arkonweb dst 207.34.136.4 207.34.136.5 207.34.136.7 > acl pdfgrab browser WebCapture > acl realplay browser RealMedia > acl ssread browser SSDOWNLOAD > acl ssread browser SSREADER > > http_access allow manager localhost > http_access deny manager > http_access allow CONNECT webmin > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow localnet > http_access allow arkonweb > http_access allow pdfgrab > http_access allow realplay > http_access allow ssread > http_access allow authusrs ProxyUsers > http_access allow localhost > http_access deny all > > icp_access allow all
