Hi list For the last year I've installed several squid proxies, which authenticate themselves against NT Domains. Each domain is primarly controlled by a Samba PDC (at the moment, Samba-3.0.10) and I have no problems at all. Since Monday, I've tried unsuccessfully to get a squid-2.5-stable8 to run with samba-3.0.11 against a Windows 2003 PDC. Here's the steps: * compile and install samba with winbind and pam support * configure smb.conf + workgroup + password server + security=domain + winbind settings * cp nsswitch/libnss_winbind.so /lib && ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 * start samba * net rpc join -S PDC_NAME -w DOMAIN -U user_with_perms * restart samba * change /etc/nsswitch.conf * samba tests + wbinfo -u /-g /-t * compile and install squid + --prefix=/usr/local/squid-x.xx-yyy --enable-carp --enable-delay-pools --enable-kill-parent-hack --enable-ssl --enable-auth="ntlm,basic" --enable-external-acl-helpers="wbinfo_group" * squid + winbind tests + ntlm_auth --helper-protocol=squid-2.5-basic -> user password OK Everything is ok, it should be working. I then restart samba, and start squid, and when configuring a client browser (IE, Firefox,...) it returns the following: [2005/02/16 15:46:06, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(429) winbindd_pam_auth_crap: non-privileged access denied. ! winbindd_pam_auth_crap: Ensure permissions on /usr/local/samba-3.0.10/var/locks/winbindd_privileged are set correctly. [2005/02/16 15:46:06, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(642) NTLM CRAP authentication for user [(null)]\[(null)] returned NT_STATUS_ACCESS_DENIED (PAM: 4) Squid is running as nobody.nogroup, but I've got this conf on other proxies and never had any problem. I've been to #squid and #samba @ freenode.net but no one ever gave me a good tip about this, so I'm really cracking my head up. Thanks in advance, Paulo Pires
