[Samba] ntlm_auth problem in Squid 2.5

teddy_lim at necph.nec.co.jp teddy_lim at necph.nec.co.jp
Thu Dec 18 08:18:52 GMT 2003 

Hi!

I have a problem with the ntlm_auth helper (samba-3.0.2) under squid. I 
got the following from the cache.log:

[2003/12/18 15:36:48, 10] utils/ntlm_auth.c:manage_squid_request(1114)
  Got 'YR' from squid (length: 2).
[2003/12/18 15:36:48, 10] 
utils/ntlm_auth.c:manage_squid_ntlmssp_request(362)
  got NTLMSSP packet:
[2003/12/18 15:36:48, 10] 
utils/ntlm_auth.c:manage_squid_ntlmssp_request(372)
  NTLMSSP challenge
[2003/12/18 15:36:48, 10] utils/ntlm_auth.c:manage_squid_request(1114)
  Got 'KK 
TlRMTVNTUAADAAAAGAAYAFEAAAAYABgAaQAAAAcABwBAAAAABQAFAEcAAAAFAAUATAAAAA
AAAACBAAAABgIAAE5FQ1BISUxHVUVTVFRFRERZxsHZ3wmcQXsf/i6WpXC+ofVxwR7tpVD+cQtd5yW38y
COE3BYQou44IJIwwXAIJLO' from squid (length: 175).
[2003/12/18 15:36:48, 10] 
utils/ntlm_auth.c:manage_squid_ntlmssp_request(362)
  got NTLMSSP packet:
[2003/12/18 15:36:48, 10] lib/util.c:dump_data(1830)
  [000] 4E 54 4C 4D 53 53 50 00  03 00 00 00 18 00 18 00  NTLMSSP. 
........
  [010] 51 00 00 00 18 00 18 00  69 00 00 00 07 00 07 00  Q....... 
i.......
  [020] 40 00 00 00 05 00 05 00  47 00 00 00 05 00 05 00  @....... 
G.......
  [030] 4C 00 00 00 00 00 00 00  81 00 00 00 06 02 00 00  L....... 
........
  [040] 4E 45 43 50 48 49 4C 47  55 45 53 54 54 45 44 44  NECPHILG 
UESTTEDD
  [050] 59 C6 C1 D9 DF 09 9C 41  7B 1F FE 2E 96 A5 70 BE  Y......A 
{.....p.
  [060] A1 F5 71 C1 1E ED A5 50  FE 71 0B 5D E7 25 B7 F3  ..q....P 
.q.].%..
  [070] 20 8E 13 70 58 42 8B B8  E0 82 48 C3 05 C0 20 92   ..pXB.. ..H... 
.
  [080] CE                                                .
[2003/12/18 15:36:48, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(609)
  Got user=[GUEST] domain=[NECPHIL] workstation=[TEDDY] len1=24 len2=24
[2003/12/18 15:36:48, 0] utils/ntlm_auth.c:winbind_pw_check(325)
  Login for user [NECPHIL]\[GUEST]@[TEDDY] failed due to [winbind client 
not aut
horized to use winbindd_pam_auth_crap.  Ensure permissions on 
/var/cache/samba/w
inbindd_privileged are set correctly.]
[2003/12/18 15:36:48, 0] 
utils/ntlm_auth.c:manage_squid_ntlmssp_request(375)
  NTLMSSP BH: NT_STATUS_ACCESS_DENIED

squid.conf settings are:

auth_param ntlm program /usr/bin/ntlm_auth 
--helper-protocol=squid-2.5-ntlmssp -d 10
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

I don't understand why it would complain about the winbindd_privileged 
directory when I've changed the permissions to it as follows:

drwxr-x---    2 root     squid          72 Dec 18 14:54 
winbindd_privileged/

I'm not sure what the line "not authorized to use winbindd_pam_auth_crap" 
means. I've searched with Google.com but still no solution. I guess this 
is the place to go.

Other info: Distro TSL 2.0 on NEC Express5800 120 Lf (PIII 1.4 GHz, 256MB)

Regards,
Teddy Lim
NEC Philippines, Inc.

More information about the samba mailing list