[Samba] NTLM auth problems.

Ian Barnes ian at opteqint.net
Tue Oct 25 10:11:32 GMT 2005


Hi,

I have encountered a problem and I don't know how or if I can work around
the problem.

I set up squid to use NTLM to auth against a 2003 machine. On Windows 2003
there is a security option called: "Network Security: LAN Manager
authentication level properties", now the default option for this setting
is: "Send NTLM response only". If I use the defaults, I can connect fine and
users can auth and everything is perfect. The problem comes in when I change
that setting to read: "Send NTLMv2 response only\refuse LM & NTLM", then I
can't auth anymore, I can't even join the domain anymore.

I am running squid version 2.5.stable4 with samba 3.0.10. My configuration
looks as follows:

I run the following command to join the domain which works if I have the
default option enabled, and fails with invalid username or password with the
custom setting:
# /usr/local/bin/net join -S SERVER -w DOMAIN -U username%password

I then run winbindd and nmbd. If the default setting in 2003 is used, I can
then view users and groups, but with custom setting it doesn't get this far
because the net join fails.

My squid config looks like this:

auth_param ntlm program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm children 2
auth_param basic program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 2
auth_param basic realm Cache NTLM Authentication
auth_param basic credentialsttl 2 hours

Anyone got any suggestions? I'm totally lost..

Thanks
Ian



