[Samba] Samba-Squid-AD: Error returned 'BH
NT_STATUS_ACCESS_DENIED'
Andrew Bartlett
abartlet at samba.org
Thu Apr 7 12:03:20 GMT 2005
On Thu, 2005-04-07 at 11:47 +0200, fatima riadi wrote:
> Hi everybody,
>
> I setup squid-2.5.STABLE9 with samba-3.0.13 to use
> winbind authentication over a Windows 2003 Active
> Directory.
> Web users' authentication from my proxy server box
> succeedes.
> But when a remote user try to authenticate himself,
> authentication failes and Squid return the
> following:
> authenticateNTLMHandleReply: Error validating user
> via NTLM. Error returned 'BH
> NT_STATUS_ACCESS_DENIED'
Are the permissions on the winbind privileged pipe correct, what does
the winbindd.log say?
> I configured samba with (--with-ads --with-ldap
> --with-winbind --with-winbind-auth-challenge).
--with-winbind-auth-challenge doesn't exist any more. It was a Samba
2.2 hack, the privileged pipe dir handled the access control to this
now.
> And I configure squid with
> (--enable-auth="ntlm,basic"
> --enable-basic-auth-helpers="winbind"
> --enable-ntlm-auth-helpers="winbind").
These last two options build helpers in the squid sources which are
incompatible with Samba 3.0. They should not be built or used.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050407/97c8fc4b/attachment.bin
More information about the samba
mailing list