ntlm_auth account lockout problem
Andrew Bartlett
abartlet at samba.org
Wed Jan 7 21:48:45 GMT 2004
On Wed, Jan 07, 2004 at 09:51:36AM -0600, Dave Augustus wrote:
> Hello to those of you using ntlm_auth with Squid in a Windows PDC
> environment!
>
> We have installed Squid in a test config but a problem has cropped up
> where users accounts are being "locked out" randomly. This will happen
> while they are surfing - an auth will popup and their account is then
> locked.
That's a rather interesting problem I've not seen before. Account
lockout occours because too many wrong passwords have been sent to the
DC. What is the limit at your site?
> Any insight?
>
> Here is my squid config:
> (yes, I am using Samba V3's ntlm_auth, not squid's)
>
>
> auth_param ntlm program /usr/local/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 5
Up this.
> auth_param ntlm max_challenge_reuses 5
Set this to 0
> auth_param ntlm max_challenge_lifetime 10 minutes
and set this to 0. The challenge re-use code *might* be getting
something wrong. That's the only thing I can think of that would
cause this :-(
>
> squid 2.5stable4 on Redhat 9
> kerberos 1.3.1
> Samba V3
>
> Windows PDC on W2K
>
This looks pretty normal.
Andrew Bartlett
More information about the samba-technical
mailing list