[Samba] ntlm_auth problem in Squid 2.5
Andrew Bartlett
abartlet at samba.org
Wed Dec 24 21:01:02 GMT 2003
On Thu, 2003-12-18 at 19:18, teddy_lim at necph.nec.co.jp wrote:
> Hi!
>
> I have a problem with the ntlm_auth helper (samba-3.0.2) under squid. I
> got the following from the cache.log:
> Login for user [NECPHIL]\[GUEST]@[TEDDY] failed due to [winbind client
> not aut
> horized to use winbindd_pam_auth_crap. Ensure permissions on
> /var/cache/samba/w
> inbindd_privileged are set correctly.]
> [2003/12/18 15:36:48, 0]
> utils/ntlm_auth.c:manage_squid_ntlmssp_request(375)
> NTLMSSP BH: NT_STATUS_ACCESS_DENIED
>
> squid.conf settings are:
>
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp -d 10
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
Just checking - squid is running as user and group squid?
> I don't understand why it would complain about the winbindd_privileged
> directory when I've changed the permissions to it as follows:
>
> drwxr-x--- 2 root squid 72 Dec 18 14:54
> winbindd_privileged/
This looks correct.
> I'm not sure what the line "not authorized to use winbindd_pam_auth_crap"
> means. I've searched with Google.com but still no solution. I guess this
> is the place to go.
It means something isn't right with those permissions.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031225/2c23cbde/attachment.bin
More information about the samba
mailing list