Yes I now.....you are tired with my mails but.....I post it again I compiled samba with the follow options nbsf000si10:/usr/src/samba-3.0.13/source# ./configure --with-ldap --with-fhs --enable-shared --enable-static --prefix=/usr --sysconfdir=/etc --libdir=/etc/samba --with-privatedir=/etc/samba --with-piddir=/var/run/samba --localstatedir=/var --with-netatalk --with-smbmount --with-pam --with-syslog --with-utmp --with-readline --with-pam_smbpass --with-libsmbclient --with-winbind --with-msdfs --with-automount --with-acl-support --with-tdbsam I check wbinfo with root nbsf000si10:/usr/src/samba-3.0.13/source# wbinfo -t checking the trust secret via RPC calls succeeded I check the plain auth with root nbsf000si10:/var/log/samba# /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic Myuser mypass OK I have this lines in squid.conf auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl Authenticated proxy_auth REQUIRED http_access allow Authenticated cache_effective_user squid cache_effective_group squid The perms on the pipe are drwxr-x--- 2 root squid 72 Apr 4 17:57 winbindd_privileged And the pipe perms are nbsf000si10:/var/lib/samba/winbindd_privileged# ls -l total 0 srwxrwxrwx 1 root root 0 Apr 4 17:57 pipe The location of the pipe is /var/lib/samba/winbindd_privileged/pipe, is important ? Now I test again using squid user squid@nbsf000si10:~$ whoami squid squid@nbsf000si10:~$ wbinfo -t checking the trust secret via RPC calls succeeded squid@nbsf000si10:~$ /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic Myuser mypass OK PAM config is nbsf000si10:/etc/pam.d# cat squid #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth-winbind account required /lib/security/pam_stack.so service=system-auth-winbind The squid ntlm auth DOESN´T WORK !!!! I don´t now where is the error.... If I try with IE, I have the standard ie error page _The page cannot be displayed_ and the log say 1112646622.054 0 172.16.254.231 TCP_DENIED/407 1741 GET http://www.squid-cache.org/ - NONE/- text/html 1112646622.059 0 172.16.254.231 TCP_DENIED/407 1745 GET http://www.squid-cache.org/ - NONE/- text/html 1112646622.091 0 172.16.254.231 TCP_DENIED/407 1741 GET http://www.squid-cache.org/ - NONE/- text/html 1112646622.132 0 172.16.254.231 TCP_DENIED/407 1745 GET http://www.squid-cache.org/ - NONE/- text/html Four (4) entrys from one access try If I use Firefox (must ask me for usr/pass, but don´t) just only I have the squid error page ERROR Cache Access Denied And the squid.log say 1112646702.030 24 172.16.254.231 TCP_DENIED/407 1741 GET http://www.squid-cache.org/ - NONE/- text/html 1112646702.167 9 172.16.254.231 TCP_DENIED/407 1745 GET http://www.squid-cache.org/ - NONE/- text/html Two entrys from one access and never ask me for user pass Exists another test to try the winbind and squid connection? I need help please!! Reards
