RE: [squid-users] NTLM Auth multiple problems.

From: Sridhar M.N. <[email protected]>
Date: Mon, 29 Nov 2004 08:09:12 -0800 (PST)

Hello all

In my previous mail, there was a small mistake. I had
said that I copied the ntlm_auth file to /usr/bin/
directory from
/usr/local/src/samba-3.0.9/work/samba-3.0.9/source/bin/ntlm_auth

Actually I have copied it from

/usr/local/src/squid-2.5.7/squid-2.5.STABLE7/helpers/ntlm_auth/SMB/ntlm_auth

But I'm still getting the error

  winbindd_pam_auth_crap: Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly.
[2004/11/29 21:25:23, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(642)
  Login for user [MOSMB.COM]\[ADMINISTRATOR]@[MPDMAVSUS] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly.]
[2004/11/29 21:53:02, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(600)
  NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2004/11/29 21:53:02| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'

And the permissions for
/var/lib/samba/winbindd_privileged are below.

-rw-r--r-- 1 root root   8192 Nov 29 20:32 winbindd_idmap.tdb
drwxr-x--- 2 root nobody 4096 Nov 29 21:52 winbindd_privileged

chmod 750 and chgrp nobody for winbindd_privileged.

nobody 30130 0.1 1.1 6112 4420 ? S  21:52 0:00 (squid)
nobody 30131 0.0 0.2 1904  824 ? Ss 21:52 0:00 (squidGuard) -c /local/squidGuard/squidGuard.conf
nobody 30136 0.0 0.4 5068 1768 ? Ss 21:52 0:00 (ntlm_auth) --helper-protocol=squid-2.5-ntlmssp
nobody 30141 0.0 0.4 5016 1600 ? Ss 21:52 0:00 (ntlm_auth) --helper-protocol=squid-2.5-basic

And squid processes are running under the username
nobody. So what can be the problem here? Sorry for the
trouble as this is the first time I'm working with
samba and it sure has confused me.

Thanks a lot for your support =)

Regards

Srid

--- "Sridhar M.N." <sridmobile@yahoo.com> wrote:

> Hello all
>
> Thanks guys, the problem of squid starting without any
> errors is solved at the moment. When I try to browse
> any websites while using the proxy, it even asks for
> authentication. Even after putting in the required
> credentials, i.e. the username/password and the domain,
> it still doesn't authenticate. This is the
> configuration of samba and squid after installation.
>
> After installing Samba, I changed
> /etc/samba/smb.conf
> file.
>
> [global]
> workgroup= MOSMB
> log level = 4
> netbios name = MPDMSMB
> realm = MOSMB.COM
> password server = mpdmtest
> security = ads
> preferred master = No
> domain master = False
> local master = No
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> winbind uid = 10000-20000
> winbind gid = 10000-20000
>
> I copied the FILE ntlm_auth to /usr/bin/ directory from
>
> /usr/local/src/samba-3.0.9/work/samba-3.0.9/source/bin/ntlm_auth
>
> The fqdn for the local domain server is
> mpdmtest.MOSMB.COM
>
> MPDMSMB is the netbios name for the Samba server.
>
> I joined the domain using "net rpc join -U
> Administrator"
>
> /etc/init.d/samba start
>
> winbindd
>
> mpdmsmb ~ # wbinfo -t
> checking the trust secret via RPC calls succeeded
>
> mpdmsmb ~ # wbinfo -u
> Administrator
> Guest
> SUPPORT_388945a0
> MPDMTEST$
> krbtgt
> ...
>
> mpdmsmb ~ # wbinfo -g
> BUILTIN\System Operators
> BUILTIN\Replicators
> BUILTIN\Guests
> BUILTIN\Power Users
>
> All these tests are succeeding. But when I try to test through
> /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --domain=MOSMB.COM --username=Administrator --password=passwd,
> nothing happens.
>
> /etc/init.d/squid start
>
> Squid starts without any errors and I get the
> authentication popups while I try to browse too. So
> where am I going wrong? I hope that I have included
> everything that is required.
>
> Thanks a lot for the help guys =)
>
>
> Regards
>
> Srid
>
> --- Elsen Marc <elsen@imec.be> wrote:
>
> >
> >
> > > Hello all
> > >
> > > I'm trying to get NTLM Authentication working but
> > > haven't been successful with the squid part of it.
> > > Everything with samba works perfectly fine. I'm using
> > > samba-3.0.8 and all the samba tests are working fine.
> > > /usr/local/bin/ntlm_auth -helper-protocol=squid-2.5-basic --domain=MO.COM --username=Srid --password=passwd
> > >
> > > Successful
> > >
> > >
> > > wbinfo -t, wbinfo -u, wbinfo -g, getent passwd and
> > > getent group work just fine.
> > >
> > > Below is the squid.conf
> > >
> > > --skip--
> > >
> > > auth_param ntlm program /usr/bin/ntlm_auth --helperprotocol=squid-2.5-ntlmssp
> > > auth_param ntlm children 5
> > > auth_param ntlm max_challenge_reuses 0
> > > auth_param ntlm max_challenge_lifetime 20 minutes
> > > auth_param basic program /usr/bin/ntlm_auth --helperprotocol=squid-2.5-basic
> > > auth_param basic children 5
> > > auth_param basic realm Squid proxy-caching web server
> > > auth_param basic credentialsttl 2 hours
> > >
> > >
> > > acl vlan1 src 10.1.1.0-10.1.1.254
> > > acl vlan21 src 10.1.21.0-10.1.21.254
> > > acl AuthorizedUsers proxy_auth REQUIRED
> > > acl all src 0.0.0.0/0.0.0.0
> > >
> > > --skip--
> > >
> > > http_access allow all AuthorizedUsers
> > > http_access allow vlan1
> > > http_access allow vlan21
> > > http_access allow all
> > > http_access deny all
> > >
> > > There are no errors in log.nmbd/smbd/winbind but there
> > > are some errors in cache.log. The errors are
> > >
> > > 2004/11/25 17:39:39| Unlinkd pipe opened on FD 24
> > > 2004/11/25 17:39:39| Swap maxSize 1048576 KB, estimated 80659 objects
> > > -skip-
> > >
> > > 2004/11/25 17:39:40| WARNING: basicauthenticator #5 (FD 20) exited
> > > 2004/11/25 17:39:40| Done scanning /var/spool/squid swaplog (0 entries)
> > >
> > > -skip-
> > >
> > > 2004/11/25 17:39:40| store_swap_size = 0k
> > > username must be specified!
> > >
> > > And when username and password are specified in the
> > > squid.conf file, I get the errors
> > >
> > > 2004/11/25 17:39:40| Took 0.0 seconds ( 0.0 entries/sec).
> > > FATAL: The basicauthenticator helpers are crashing too rapidly, need help!
> > >
> > > 2004/11/25 17:39:47| WARNING: ntlmauthenticator #1 (FD 11) exited
> > > 2004/11/25 17:39:47| WARNING: ntlmauthenticator #2 (FD 12) exited
> > > 2004/11/25 17:39:47| WARNING: basicauthenticator #5 (FD 20) exited
> > >
> > > Squid is running with the user/group nobody and the
> > > ownership for the folder and permissions are
> > > specified too
> > >
> > > drwxrw-rw- 2 root nobody 4096 Nov 23 16:41
> > > winbindd_privileged
> > >
> > > What might be the problem? Do I need to make changes
> > > to any of the pam files?
> > >
> > > Thanks for the help =)
>
=== message truncated ===

Received on Mon Nov 29 2004 - 09:09:17 MST
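
Added example, not part of the original message: the error above points at the permissions on winbindd_privileged, and the two listings in this thread (drwxr-x--- and the earlier drwxrw-rw-, both root:nobody) give different answers depending on the group the helper process runs with, which the ps output does not show. The sketch below applies the standard Unix owner/group/other check to those two modes; the numeric ids are constructed, and it does not claim to identify the cause of the failure reported here.

```shell
#!/bin/sh
# Added example: classic Unix owner/group/other check for entering a directory.
# All numeric ids are constructed: 0 = root, 65534 = "nobody",
# 65533 = a different, hypothetical group a helper might run under.

# can_enter MODE DIR_UID DIR_GID PROC_UID "PROC_GIDS"
# Prints "yes" if the process gets search (x) permission on the directory,
# otherwise "no". Exactly one of the three permission triplets applies.
can_enter() {
    perm=$((0$1)); dir_uid=$2; dir_gid=$3; proc_uid=$4; proc_gids=$5
    if [ "$proc_uid" -eq 0 ]; then
        echo yes; return 0              # root bypasses the mode bits
    fi
    if [ "$proc_uid" -eq "$dir_uid" ]; then
        bits=$(( (perm >> 6) & 7 ))     # owner triplet
    else
        bits=$(( perm & 7 ))            # "other" triplet unless a group matches
        for g in $proc_gids; do
            if [ "$g" -eq "$dir_gid" ]; then
                bits=$(( (perm >> 3) & 7 )); break
            fi
        done
    fi
    if [ $(( bits & 1 )) -ne 0 ]; then echo yes; else echo no; fi
}

# drwxr-x--- root:nobody, process uid nobody, gid nobody
echo "0750, gid matches:      $(can_enter 750 0 65534 65534 65534)"
# Same directory, same uid, but the process runs with another gid
echo "0750, gid differs:      $(can_enter 750 0 65534 65534 65533)"
# drwxrw-rw- root:nobody: group has rw but no x, so it cannot be entered
echo "0766, gid matches:      $(can_enter 766 0 65534 65534 65534)"
```

On a live system the inputs come from `stat -c '%a %u %g'` on the directory and `ps -o user,group,args -C ntlm_auth` for the helper.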

This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:02 MST