Dave Raven wrote: > Okay I have an update with more progress - it seems the problem is only to > do with ntlmssp. If I only have a basic authenticator - which looks like > the following, it works perfectly: > However, when I use ntlmssp in the squid config, shown below, it does not > work: > > auth_param ntlm program /usr/optec/ntlm_auth.sh ntlmssp > auth_param ntlm children 10 > auth_param ntlm use_ntlm_negotiate yes > > I see the following debug messages: > [2005/11/09 13:22:37, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606) > Got user=[ianb] domain=[MASTERMIND] workstation=[LUCY] len1=24 len2=24 > [2005/11/09 13:22:37, 3] utils/ntlm_auth.c:winbind_pw_check(427) > Login for user [MASTERMIND]\[ianb]@[LUCY] failed due to [Wrong Password] > > If I type ian instead of ianb, I see an error saying the user does not > exist. This must mean that somehow the wrong password is being passed in > the wrong way - even though it is typed right. > > For anyone who hasn't read the rest of this thread please note: this only > happens with the security option on the AD server set to ONLY allow > NTLMv2/LMv2 and not anything else. If we turn that off it works > perfectly... It looks like this might be a Samba issue - Ian had stated that if only NTLMv2 is allowed, then Samba can't even join the domain. I would suggest taking this to the Samba list. Adam
