ntlm_auth account lockout problem
davea at support.kcm.org
Fri Jan 9 11:53:44 GMT 2004
On Wed, 2004-01-07 at 15:48, Andrew Bartlett wrote:
> On Wed, Jan 07, 2004 at 09:51:36AM -0600, Dave Augustus wrote:
> > Hello to those of you using ntlm_auth with Squid in a Windows PDC
> > environment!
> > We have installed Squid in a test config but a problem has cropped up
> > where users' accounts are being "locked out" randomly. This will happen
> > while they are surfing - an auth will pop up and their account is then
> > locked.
> That's a rather interesting problem I've not seen before. Account
> lockout occurs because too many wrong passwords have been sent to the
> DC. What is the limit at your site?
The limit is 5
> > Any insight?
> > Here is my squid config:
> > (yes, I am using Samba V3's ntlm_auth, not squid's)
> > auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> > auth_param ntlm children 5
> Up this.
set it to 15
> > auth_param ntlm max_challenge_reuses 5
> Set this to 0
> > auth_param ntlm max_challenge_lifetime 10 minutes
> and set this to 0. The challenge re-use code *might* be getting
> something wrong. That's the only thing I can think of that would
> cause this :-(
This problem occurs 5-10 times a day for various users. I am going to
attempt to use 3.0.2pre1. Can I use ONLY the ntlm_auth from that release
or *must* I use all the samba components together?
> > squid 2.5stable4 on Redhat 9
> > kerberos 1.3.1
> > Samba V3
> > Windows PDC on W2K
> This looks pretty normal.
> Andrew Bartlett