[Samba] ntlm_auth problem in Squid 2.5

Andrew Bartlett abartlet at samba.org
Wed Dec 24 21:01:02 GMT 2003

On Thu, 2003-12-18 at 19:18, teddy_lim at necph.nec.co.jp wrote:
> Hi!
> I have a problem with the ntlm_auth helper (samba-3.0.2) under squid. I 
> got the following from the cache.log:

>   Login for user [NECPHIL]\[GUEST]@[TEDDY] failed due to [winbind client 
> not aut
> horized to use winbindd_pam_auth_crap.  Ensure permissions on 
> /var/cache/samba/w
> inbindd_privileged are set correctly.]
> [2003/12/18 15:36:48, 0] 
> utils/ntlm_auth.c:manage_squid_ntlmssp_request(375)
> squid.conf settings are:
> auth_param ntlm program /usr/bin/ntlm_auth 
> --helper-protocol=squid-2.5-ntlmssp -d 10
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes

Just checking - squid is running as user and group squid?

> I don't understand why it would complain about the winbindd_privileged 
> directory when I've changed the permissions to it as follows:
> drwxr-x---    2 root     squid          72 Dec 18 14:54 
> winbindd_privileged/

This looks correct.

> I'm not sure what the line "not authorized to use winbindd_pam_auth_crap" 
> means. I've searched with Google.com but still no solution. I guess this 
> is the place to go.

It means something isn't right with those permissions.  

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031225/2c23cbde/attachment.bin

More information about the samba mailing list