[Samba] Samba-Squid-AD: Error returned 'BH NT_STATUS_ACCESS_DENIED'

Andrew Bartlett abartlet at samba.org
Thu Apr 7 12:03:20 GMT 2005


On Thu, 2005-04-07 at 11:47 +0200, fatima riadi wrote:
>  Hi everybody,
>  
>  I setup squid-2.5.STABLE9 with samba-3.0.13 to use
>  winbind authentication over a Windows 2003 Active
>  Directory.
>  Web users' authentication from my proxy server box
>  succeedes.
>  But when a remote user try to authenticate himself,
>  authentication failes and Squid return the
>  following:
>    authenticateNTLMHandleReply: Error validating user
>  via NTLM. Error returned 'BH
>  NT_STATUS_ACCESS_DENIED'

Are the permissions on the winbind privileged pipe correct, what does
the winbindd.log say?

>  I configured samba with (--with-ads --with-ldap
>  --with-winbind --with-winbind-auth-challenge).

--with-winbind-auth-challenge doesn't exist any more.  It was a Samba
2.2 hack, the privileged pipe dir handled the access control to this
now.

>  And I configure squid with
>  (--enable-auth="ntlm,basic"
>  --enable-basic-auth-helpers="winbind"
>  --enable-ntlm-auth-helpers="winbind").

These last two options build helpers in the squid sources which are
incompatible with Samba 3.0.  They should not be built or used.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050407/97c8fc4b/attachment.bin


More information about the samba mailing list