On 2/22/07, Ray Dermody <[EMAIL PROTECTED]> wrote:
Hi,
Thanks for that Craig, that seems to have got me a bit further now. I'm
getting prompted for a username and password when I try to browse but
it's accepting nothing. Under /var/log/messages I can see ntlm_auth
(permission?) errors.

Feb 22 12:43:16 squidtest kernel: audit(1172148196.323:12): avc:
denied  { create } for  pid=3133 comm="ntlm_auth"
 scontext=user_u:system_r:winbind_helper_t
tcontext=user_u:system_r:winbind_helper_t tclass=udp_socket
Feb 22 12:43:16 squidtest kernel: audit(1172148196.323:13): avc:
denied  { create } for  pid=3133 comm="ntlm_auth"
 scontext=user_u:system_r:winbind_helper_t
tcontext=user_u:system_r:winbind_helper_t tclass=udp_socket
Feb 22 12:43:16 squidtest kernel: audit(1172148196.323:14): avc:
denied  { create } for  pid=3133 comm="ntlm_auth"
 scontext=user_u:system_r:winbind_helper_t
tcontext=user_u:system_r:winbind_helper_t tclass=udp_socket

Has anyone seen this error before?

These are audit notices from SELinux. It appears that SELinux is set
to permissive mode. As they begin with 'audit' they have no true
effect on your system's operation. Somebody with more SELinux policy
experience than I might be able to tell you how to correct the policy
to permit the helper program. However, I don't think this is affecting
any issues you are mentioning in this post.

If you are working with a client that is *not* a member of your domain
you may need to try entering the username as 'domain\username' or
'[EMAIL PROTECTED]'. If the machine is not a domain member it will supply
its own name in the place of 'domain' and the authentication will
fail.

You can also tail the squid access.log while attempting to browse and
see what is happening to the request. Maybe the cache.log also...
although this may depend on the debug level set in your squid.conf
(again, maybe someone more knowledgeable can comment on this).

Chris
