RE: [squid-users] Error returned 'BH NT_STATUS_ACCESS_DENIED'

From: fatima riadi <[email protected]>
Date: Thu, 7 Apr 2005 15:47:15 +0200 (CEST)

Thank you very much for your reply.
I had to change permissions to the winbindd_privileged
file. The problem is that I had to set 777 (chmod
777) as permissions to that file. Which is not a good
thing!

--- Elsen Marc <elsen@imec.be> wrote:
>
>
> >
> > Hi everybody,
> >
> > I setup squid-2.5.STABLE9 with samba-3.0.13 to use
> > winbind authentication over a Windows 2003 Active
> > Directory.
> > Web users' authentication from my proxy server box
> > succeede.
> > But when a remote user try to authenticate
> himself,
> > authentication failes and Squid return the
> following:
> > authenticateNTLMHandleReply: Error validating
> user
> > via NTLM. Error returned 'BH
> NT_STATUS_ACCESS_DENIED'
> >
> > I configured samba with (--with-ads --with-ldap
> > --with-winbind --with-winbind-auth-challenge).
> >
> > And I configure squid with
> (--enable-auth="ntlm,basic"
> > --enable-basic-auth-helpers="winbind"
> > --enable-ntlm-auth-helpers="winbind").
> >
> > My squid.conf file containes the following:
> > auth_param ntlm program
> > /usr/local/samba/bin/ntlm_auth
> > --helper-protocol=squid-2.5-ntlmssp
> > auth_param ntlm children 5
> > auth_param ntlm max_challenge_reuses 0
> > auth_param ntlm max_challenge_lifetime 2 minutes
> >
>
> >
> > auth_param basic program
> > /usr/local/samba/bin/ntlm_auth
> > --helper-protocol=squid-2.5-basic
> > auth_param basic children 5
> > auth_param basic realm Squid proxy-caching web
> > server
> > auth_param basic credentialsttl 2 hours
> >
>
> >
> > acl authUsers proxy_auth REQUIRED
> > http_access allow authUsers
> > http_access deny all
> >
> > Does anyone have an idea?
> > Thanks in advance.
> >
>
> BTW , there seems to be a recently discovered issue
> with this
> SAMBA release and Windows 2003 SP1
> being used as a AD (and or domain controller)
> (>Windows 2003 SP1< recently made available by MS$)
> :
>
> Checkout this thread :
>
>
>
http://lists.samba.org/archive/samba-technical/2005-April/040187.html
>
> You apparently may need this samba patch :
>
>
>
http://samba.org/~jerry/patches/post-3.0.13/winbindd_2k3sp1.patch
>
> M.
>

        

        
                
__________________________________________________________________
D�couvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails !
Cr�ez votre Yahoo! Mail sur http://fr.mail.yahoo.com/
Received on Thu Apr 07 2005 - 07:47:17 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:03 MDT