[squid-users] SquidNT 2.6 mswin_check_lm_group.exe problem

From: Darren Worrall \(Eclipse\) <[email protected]>
Date: Tue, 4 Jul 2006 17:28:59 +0100

Hi guys,

I'm having trouble with the mswin_check_lm_group.exe helper program
under SquidNT 2.6. The relevant portion of my config is below:

=====================================================================
auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
auth_param ntlm children 5
auth_param ntlm use_ntlm_negotiate on
auth_param ntlm keep_alive on
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

external_acl_type win_domain_group %LOGIN
c:/squid/libexec/mswin_check_lm_group.exe -G -d

acl localnet proxy_auth REQUIRED src 172.30.0.0/16 172.29.0.0/16
acl InetAllow external win_domain_group Internet_Users
http_access allow InetAllow
======================================================================

The NTLM auth stuff is working fine, but whenever I try and make a
connection now, I get the following in my logs:

======================================================================
/mswin_check_lm_group.exe[376]: Got 'domainname%5cdaz Internet_Users'
from Squid (length: 29).

/mswin_check_lm_group.exe[376]: Valid_Global_Groups: checking group
membership of 'domainname\domainname%5cdaz'.

/mswin_check_lm_group.exe[376]: Using '\\DCSERVER' as DC for
'domainname' local domain.

/mswin_check_lm_group.exe[376]: Using '\\DCSERVER' as DC for
'domainname' user's domain.

/mswin_check_lm_group.exe NetUserGetGroups() failed.'
======================================================================

It appears that the domain name is being passed twice (second line),
though I don't know if that's relevant. Any tips?

Thanks,

Darren

Hammonds Furniture Ltd
Nutts Lane Industrial Estate
Hinckley
Leicestershire
LE10 3QQ
Tel. +44 (0)1455 251451

Website : http://www.hammonds-uk.com

Registered Office:
Manor Court Chambers, 126 Manor Court Road,
Nuneaton, Warwickshire CV11 5HL, England.

Registered in England No.1320508

This document is intended for, and should only be read by, those persons to whom it is addressed. Its contents are confidential and if you have received this message in error, please notify us immediately by telephone and delete all records of the message from your computer. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without our prior written consent is strictly prohibited. Neither the author of this message nor their employers accept legal responsibility for the contents of the message. Any views or opinions presented are solely those of the author.
Received on Tue Jul 04 2006 - 10:29:02 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:01 MDT