[Samba] Re: NTLM Problems
samba
r76 at libero.it
Tue Nov 1 10:37:49 GMT 2005
Please post your smb.conf.
"Ian Barnes" <ian at opteqint.net> wrote in message
news:20051031194912.84207162C52 at lists.samba.org...
> Hi,
>
> I am running squid and samba to auth users against a 2003 domain. My squid
> setup is something like this:
>
> auth_param ntlm program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> auth_param ntlm children 2
> auth_param basic program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic children 2
> auth_param basic realm Cache NTLM Authentication
> auth_param basic credentialsttl 2 hours
>
> I then join the domain as follows:
> net join -S server -w Domain -U username%password
>
> Once that has succeeded I then run winbindd and nmbd. Once that is done, if
> I do a wbinfo -u or -g I can see the users and groups of the users I am
> authenticating. All seems fine, but when a user tries to auth, the following
> error occurs:
>
> [2005/10/31 11:43:36, 0] utils/ntlm_auth.c:winbind_pw_check(427)
> Login for user [Domain]\[Proxy2]@[ianb] failed due to [Access denied]
> [2005/10/31 11:43:36, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(600)
> NTLMSSP BH: NT_STATUS_ACCESS_DENIED
>
> If I run a wbinfo -a Proxy2%Password_1 (A valid user and password), I get
> this:
> [root at cont] ~ # wbinfo -a Proxy2%Password_1
> plaintext password authentication failed
> error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
> error messsage was: Access denied
> Could not authenticate user Proxy2%Password_1 with plaintext password
> challenge/response password authentication failed
> error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
> error messsage was: Access denied
> Could not authenticate user Proxy2 with challenge/response
> [root at cont] ~ #
>
> The user that I am joining the domain with (in net join) has the following
> set:
> * The account is a local administrator on the device, specified within AD
> * The account has full read access to all user information, it was delegated
> to me.
>
> Something else that's strange is that I saw this error a while ago, and
> while trying to debug it, it just stopped occurring, and my users could auth
> fine. The domain I'm authing to has over 1000 users (in the lab where we are
> testing) and over 2000 groups.
>
> Could anyone provide some more insight as to why this is happening?
>
> Cheers
> Ian