RE: [squid-users] NTLM authentication insquid

From: Janco van der Merwe <[email protected]>
Date: Fri, 29 Sep 2006 17:22:52 +0200

Why do you want to join the machine to the domain? What we did was to configure /etc/krb5.conf to your Domain specifications and that way you don't have to go through the pain staking effort of joining a Linux machine to a MS Domain. In any case both Linux and Windows are Kerberos compliant.

Janco v.d Merwe
Network Administrator
Dunns Stores (PTY) Ltd
Switchboard: 011 541 3000
Direct: 011 541 3007
Fax: 086 632 1708

-----Original Message-----
From: Information Security [mailto:InfoSec@adventity.com]
Sent: 29 September, 2006 16:39
To: squid-users@squid-cache.org
Subject: [squid-users] NTLM authentication insquid

Hello,

I am trying to configure NTLM authentication in squid. The squid server
would authenticate users with win2K3 ADS.

I had previously successfully done this with RHEL4. Currently I am
trying on Fedora Core 5, but I am facing a lot of problem this time...
the Linux machine simply does not join the domain.

Authconfig-tui gives me the following error at the end of it:

[2006/09/29 19:50:21, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Transport endpoint is not connected
[2006/09/29 19:50:21, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2641)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from
server MYSERVER.CORP.MYCOMPANY.COM for domain MYDOMAIN.
[2006/09/29 19:50:21, 0] utils/net_rpc_join.c:net_rpc_join_ok(61)
  Error connecting to NETLOGON pipe. Error was
NT_STATUS_NO_TRUST_SAM_ACCOUNT
Unable to join domain MYDOMAIN.

Net join ads -U <AdminUserID> gives me the following error:
[2006/09/29 19:52:21, 0] param/loadparm.c:map_parameter(2647)
  Unknown parameter encountered: "winbind seperator"
[2006/09/29 19:52:21, 0] param/loadparm.c:lp_do_parameter(3398)
  Ignoring unknown parameter "winbind seperator"
<AdminUserID>'s password:
[2006/09/29 19:52:25, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Transport endpoint is not connected

Unable to find a suitable server

Unable to find a suitable server

Can someone help me out?

Navin J.

Disclaimer: Information transmitted by this e-mail is proprietary to Adventity and/ or its Customers, intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please notify us immediately at postmaster@adventity.com and delete this mail from your records.

____________________________________________________________________________
This communication and any attachments are confidential and intended for the sole use of the
intended recipient. Any form of copying or disclosure of this communication to any third parties
without permission is prohibited. The contents of this communication and its attachments are
not intended to be relied upon in law without subsequent written confirmation. As such, Dunns
Stores (Pty) Ltd accept no responsibility or liability (including negligence) for the consequences
of anyone acting, or not acting, on information contained therein.

If you have received this communication in error please notify us immediately and destroy or
delete it.
____________________________________________________________________________
Received on Fri Sep 29 2006 - 09:23:13 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:04 MDT