ntlm_auth seems to be sending ERR to squid when it shouldn't. I have two users below that should both work but one doesn't. Any help understanding where I've gone wrong is appreciated. Let's look at this... THIS WORKED: ########################################################### Got SMBIZ+workinguser "SMBIZ+Internet Full" from squid User: -SMBIZ+workinguser- Group: -SMBIZ+Internet Full- SID: -S-1-5-21-2732840889-2280141153-3048588358-1688 Domain Group (2)- GID: -16777253- Sending OK to squid THIS FAILED: ########################################################### Got SMBIZ+failinguser "SMBIZ+Internet Full" from squid User: -SMBIZ+failinguser- Group: -SMBIZ+Internet Full- SID: -S-1-5-21-2732840889-2280141153-3048588358-1688 Domain Group (2)- GID: -16777253- Sending ERR to squid Let's look at the first case... The auth script got "SMBIZ+Internet Full" as the group. Let's see what the SID is for that: [root@inferno squid]# wbinfo -n "SMBIZ+Internet Full" S-1-5-21-2732840889-2280141153-3048588358-1688 Domain Group (2) O.K. Now let's see what the GID for that SID is: [root@inferno squid]# wbinfo -Y S-1-5-21-2732840889-2280141153-3048588358-1688 16777253 That looks right. Now let's get the list of groups that workinguser is in: [root@inferno squid]# wbinfo -r SMBIZ+workinguser 16777216 16777222 16777223 16777252 16777253 <<<<<< 16777255 16777256 So, workinguser is showing in the group that we are interested in. Let's look at the test user: [root@inferno squid]# wbinfo -r SMBIZ+failinguser 16777216 16777251 16777253 <<<<<< He is also in that group so this should have worked also. Right? NTLM SETTINGS ########################################################### auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 15 auth_param ntlm use_ntlm_negotiate on Thanks! -- Gabriel Gunderson http://gundy.org
