NTLM_AUTH Samba4

christian christian at p-a-r-t-y.de
Sat Jan 28 19:16:07 MST 2012


Hi folks, hi devteam,

I am actually testing Samba4 AD and everything is working fine…

But now I want to use ntlm_auth with squid3 and it fails.


I am trying things out a bit and get the following error:

FAIL
#############################################################################
root@samba:~# /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered

squidADuser squidADpassword

===============================================================
INTERNAL ERROR: Signal 11 in pid 10389 (4.0.0alpha17-UNKNOWN)
Please read the Trouble-Shooting section of the Samba HOWTO
===============================================================
PANIC: internal error
Abgebrochen

For other user/password tests I get the same.

I have tested the following, too:
SAMDOM\squidADuser squidADpassword
squidADuser@SAMDOM squidADpassword
#############################################################################



FAIL
#############################################################################
When I try the first with the username and password options, I get the following:
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --username="squidADuser" --password="squidADpassword"
I get stdin, where I enter "squidADuser squidADpassword" again
OK

But when I enter a wrong username with the same password, I get OK, too.
I enter "wrongADuser squidADpassword"
OK

I enter "wrongADuser wrongADpassword"
ERR

I enter "squidADuser wrongADpassword"
ERR
#############################################################################



WORKING
#############################################################################
When I try it directly using
root@samba:~# /usr/lib/squid3/squid_ldap_auth -b "dc=samdom,dc=example,dc=com" -D "cn=squidADuser,cn=Users,dc=samdom,dc=example,dc=com" -w "squidADpassword" -f "sAMAccountName=%s" -h samdom.example.com

I get stdin, where I enter "squidADuser squidADpassword" again,
but here I get the result
OK

and for a wrong username/password combination I get
ERR

So that command works fine for basic auth in squid3.
#############################################################################




But how do I get transparent authentication working without ntlm_auth now?


Hopefully you have a workaround for this issue and/or can solve this in the next build.

If you have any questions about logfiles, please reply.


With kind regards
Christian  / alias Grille on irc #samba
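
Added example, not part of the original post and not Samba or Squid code: a small negative-test harness that replays the four credential combinations from the message against a Squid basic-auth helper (one "user password" line in, OK or ERR out) and reports any reply that differs from what is expected, including a helper that dies before answering. The stub helpers and the names CASES and check_helper are constructed for illustration; a real helper command line is passed as arguments.

```python
import subprocess
import sys

# Constructed matrix mirroring the four cases in the post: (user, password, expected reply)
CASES = [
    ("squidADuser", "squidADpassword", "OK"),
    ("wrongADuser", "squidADpassword", "ERR"),
    ("wrongADuser", "wrongADpassword", "ERR"),
    ("squidADuser", "wrongADpassword", "ERR"),
]

# Constructed stand-in helpers so the harness runs offline (not real ntlm_auth behaviour).
_STUB = ("import sys\nfor l in sys.stdin:\n    u, p = l.split()\n"
         "    print('OK' if {cond} else 'ERR', flush=True)\n")
PASSWORD_ONLY = [sys.executable, "-c", _STUB.format(cond="p == 'squidADpassword'")]
STRICT = [sys.executable, "-c",
          _STUB.format(cond="(u, p) == ('squidADuser', 'squidADpassword')")]
CRASHING = [sys.executable, "-c", "import sys; sys.stdin.readline(); sys.exit(139)"]


def check_helper(argv, cases=CASES, timeout=10):
    """Feed 'user password' lines to a basic-auth helper and return a list of
    (user, password, expected, got) tuples for every reply that is wrong or missing."""
    feed = "".join(f"{u} {p}\n" for u, p, _ in cases)
    proc = subprocess.run(argv, input=feed, capture_output=True,
                          text=True, timeout=timeout)
    # Keep only protocol replies; helpers may also print banner or debug lines.
    replies = [ln.split()[0] for ln in proc.stdout.splitlines()
               if ln.split()[:1] in (["OK"], ["ERR"])]
    failures = []
    for i, (user, pw, expected) in enumerate(cases):
        # A helper that crashed mid-run leaves later cases unanswered.
        got = replies[i] if i < len(replies) else f"no reply (exit {proc.returncode})"
        if got != expected:
            failures.append((user, pw, expected, got))
    return failures


if __name__ == "__main__":
    # Pass the real helper command line as arguments; defaults to the constructed stub.
    for user, _pw, expected, got in check_helper(sys.argv[1:] or PASSWORD_ONLY):
        print(f"MISMATCH for {user!r}: expected {expected}, got {got}")
```

Any OK returned for a row whose expected reply is ERR means the helper must not be wired into Squid's auth_param until the cause is understood.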



