On Fri, 15 Oct 2004, Hal Douglas wrote:
I need some help sorting out a problem I've got with ntlm_auth using squid and winbind. I'm using Squid-2.5.STABLE6 and Samba 3.0.7.
Make sure to use the ntlm_auth from Samba, not the one from Squid. But I think you have done this already.
# wbinfo -t checking the trust secret via RPC calls succeeded
Good.
# wbinfo -a username%password plaintext password authentication succeeded challenge/response password authentication succeeded
Good.
However, if I do as per the docs I'm following:
# wbinfo -a mydomain\\username%password plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc0000064) error messsage was: No such user Could not authenticate user mydomain\username%password with plaintext password challenge/response password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc0000064) error messsage was: No such user Could not authenticate user mydomain\username with challenge/response
This is somewhat winbind version specific and may also be dependent on your smb.conf settings for the domain separator. But as the test above succeeded this is not critical.
But, doing:
# /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic mydomain+username password OK
Good.
So, does anyone know what I've done wrong here, if anything? It seems to me that it SHOULD be working, unless I've got something wrong in the squid or samba .conf files. I wont post those, because this email is long enough already, but I'll provide links to them.
Are you using NTLM or Basic authentication?
Please enable log_mime_hdrs, then test with a dummy account and post the result here, inlcuding the supposed account name and password. Also post any cache.log messages if there is any with the default log levels.
Regards Henrik
